General

  • Target

    b9d3d54532bcc21e9b05754ae0a2f81df5434e4dfd1fcbc840e5466ca38d3060

  • Size

    959KB

  • MD5

    1e9e399b7a31cc85062cb039bae72a44

  • SHA1

    3702b81069cbb9251be59f85d25c54b55443ae72

  • SHA256

    b9d3d54532bcc21e9b05754ae0a2f81df5434e4dfd1fcbc840e5466ca38d3060

  • SHA512

    edf2c5cc11d564b40850e1741eec8477d90e55304d1bc08646c826f100877ae71057e8fbd4b1df164d67e891c826f30be1127d7d9a8dced09dafad7693031a9a

  • SSDEEP

    24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdxF:Ujrc2So1Ff+B3k796n

Score
10/10

Malware Config

Signatures

  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • b9d3d54532bcc21e9b05754ae0a2f81df5434e4dfd1fcbc840e5466ca38d3060
    .exe windows:5 windows x86 arch:x86

    216df81b1ef7bc2aa8ec52bbeef137c9
    Headers

    Imports

    Sections