General

  • Target

    2bef6231c3e742815f5a3a1da2861bccd7a4197aa1387a70f297a714afbb6495

  • Size

    959KB

  • MD5

    9dbb0838eb857c2cf22ca5407d6c85d7

  • SHA1

    fe486f8741f2f94fc79def45b4872030e5504d3a

  • SHA256

    2bef6231c3e742815f5a3a1da2861bccd7a4197aa1387a70f297a714afbb6495

  • SHA512

    1abacf15c959e3f31e54385de34ecec00291aa2dec2e00d663939edf93ff975a1303d579de1d89d00cf557e2e2984862e993ab05f1e0b125eb93d01d5618f417

  • SSDEEP

    24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdMF:Ujrc2So1Ff+B3k796u

Score
10/10

Malware Config

Signatures

  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2bef6231c3e742815f5a3a1da2861bccd7a4197aa1387a70f297a714afbb6495
    .exe windows:5 windows x86 arch:x86

    216df81b1ef7bc2aa8ec52bbeef137c9
    Headers

    Imports

    Sections