Static task
static1
Behavioral task
behavioral1
Sample
01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.exe
Resource
win10v2004-20240508-en
General
-
Target
01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.bin
-
Size
79KB
-
MD5
f9afb31bc17811e5ab4fa406f105b1fe
-
SHA1
d1a9449dcc8a3aa0c887bce71f128866175f679a
-
SHA256
01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f
-
SHA512
6feca3dfa221b704208754e67bcdce02a2253961da098b3e376d11217cd00b9f77e42f37f242e1a1f4b759b5fd172c29c9f153fce32eace48e07e802aff40b55
-
SSDEEP
1536:SX6UhZM4hubesrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2zs4:uhZ5YesrQLOJgY8Zp8LHD4XWaNH71dLI
Malware Config
Signatures
-
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICOUS_EXE_References_VEEAM -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.bin
Files
-
01c647838c374e91e8f9fe967fd25235d72264414bb0d5b82c4fbd4151a9717f.bin.exe windows:6 windows x86 arch:x86
202fa14f574c71c2f95878e40a79322d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenProcess
GetTickCount
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcmpW
lstrlenW
SetVolumeMountPointW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
GetCommandLineW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetCurrentProcess
ReadFile
SetFileAttributesW
SetFilePointerEx
WaitForSingleObject
CreateMutexA
WaitForMultipleObjects
GetCurrentProcessId
ExitProcess
CreateThread
ExitThread
SetProcessShutdownParameters
GetSystemInfo
lstrcmpiW
lstrcpyW
lstrcatW
OpenMutexA
MoveFileExW
WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
ReleaseSemaphore
CreateSemaphoreA
TerminateProcess
Sleep
GetLastError
CloseHandle
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
FindVolumeClose
FindNextVolumeW
GetLogicalDrives
FindFirstVolumeW
user32
wsprintfA
advapi32
QueryServiceStatusEx
OpenSCManagerA
EnumDependentServicesA
ControlService
CloseServiceHandle
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
OpenServiceA
shell32
SHEmptyRecycleBinA
CommandLineToArgvW
ShellExecuteW
netapi32
NetShareEnum
NetApiBufferFree
rstrtmgr
RmGetList
RmStartSession
RmEndSession
RmRegisterResources
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
Sections
.text Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ