Overview

overview

10

Static

static

SIn Internet

windows7_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    07/07/2020, 12:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    mssecsvc.exe

  • Size

    3.6MB

  • MD5

    c18efac56280dfe18ebd1f361029d3f7

  • SHA1

    b079ad82c2341e9178ced0b6a62a484a12075b56

  • SHA256

    d013be1440f64e234c7631f2a3bb1b4d7c12bcb97d3804dc0e66753cde13ebc8

  • SHA512

    8d1b77db6ad14e282cbcd3424318ee1457430e55d94fc7e27c528060082ec968d7ddee605784cc08ce216bcbed7486991dd36168bc01e3a56268c2d33b828191

Score
10/10
ransomwarewormwannacry

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 49 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe
    "C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe"
    1⤵
    • Drops file in Windows directory
    PID:1768
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:1992
  • C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe
    C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe -m security
    1⤵
    • Modifies data under HKEY_USERS
    • Drops file in System32 directory
    PID:1944
  • C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Drops file in System32 directory
    PID:1756
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:876
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads