General

  • Target

    cea3e8a3e541ae4c928c3cd33f6772f1a69746393ac1a5c4575379a09a92d1e1

  • Size

    148KB

  • MD5

    a7637dfb6b9408fe020d9333d0ade6dc

  • SHA1

    930c34743ab12c80512723db0aa7b8b4762fcc84

  • SHA256

    cea3e8a3e541ae4c928c3cd33f6772f1a69746393ac1a5c4575379a09a92d1e1

  • SHA512

    a522e3be00f3c32cd318cca7995e0f6f604a0590de3f4c2830920347328d405d178bdd2c2406e3b835cc5e5037e2d2348456b138878644231af94e51fc4b4e94

  • SSDEEP

    3072:ym0ROZIL87L1yoklfzGp3XjRaDyZYMqqD/A+lHlC:ypMCL8rpHjRa0qqD/NjC

Score
10/10

Signatures

  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • cea3e8a3e541ae4c928c3cd33f6772f1a69746393ac1a5c4575379a09a92d1e1
    .exe windows:5 windows x86 arch:x86

    168ea5b327edf5713a2bb8e19a928d13
