General

  • Target

    54b45f35926b12f7853e4854ae1d0a233ba1817451450d9b9fdf4e9b1412024f

  • Size

    959KB

  • MD5

    0ee7386109b1f3596ae62735cf53f6b3

  • SHA1

    0a67f0154a003fd06597a28dd2fd3e2f63b333b7

  • SHA256

    54b45f35926b12f7853e4854ae1d0a233ba1817451450d9b9fdf4e9b1412024f

  • SHA512

    dbc5f19de20129121c3c8ba6d3230198272a150023a7ec896bec14c2d33c6ed49cb6fc5dbb19250674e763a9e3f2f9dad4badffd9fe712a97b1c36c0d1291a73

  • SSDEEP

    24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdtF:Ujrc2So1Ff+B3k796L

Score
10/10

Malware Config

Signatures

  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 54b45f35926b12f7853e4854ae1d0a233ba1817451450d9b9fdf4e9b1412024f
    .exe windows:5 windows x86 arch:x86

    216df81b1ef7bc2aa8ec52bbeef137c9

