Overview

overview

10

task1

 

10

task2

 

10

Resubmissions

18-10-2019 15:52

191018-8typv9j9fn 0

09-08-2019 12:22

190809-4hmrwf3nzs 0

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

  • Size

    3.4MB

  • Sample

    191018-8typv9j9fn

  • MD5

    84c82835a5d21bbcf75a61706d8ab549

  • SHA1

    5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

  • SHA256

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

  • SHA512

    90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Score
10/10

Malware Config

Targets

    • Target

      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

    • Size

      3.4MB

    • MD5

      84c82835a5d21bbcf75a61706d8ab549

    • SHA1

      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

    • SHA256

      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

    • SHA512

      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

    Score
    10/10

    • Wannacry file encrypt

    • wannacry family

      family

    • Deletes shadow copies

      ransomware

    • Executes dropped EXE

    • Modifies file permissions

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run entry to start application

      persistence

    • Checks system information in the registry (likely anti-VM)

    • Drops Office document

      dropperexploitermaldoc

    • Modifies service

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Modify Existing Service

1
T1031

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

File Deletion

1
T1107

File Permissions Modification

1
T1222

Disabling Security Tools

1
T1089

Modify Registry

5
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Defacement

1
T1491

Tasks