General
-
Target
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.zip
-
Size
3.4MB
-
Sample
200917-fzlr4wljjj
-
MD5
11d35d34cdeb7fc2772c6d02cc9754dd
-
SHA1
c06886933876c6afefe3dd360da48533e2a80ec6
-
SHA256
cb6602ec77e62c6f9f37a762870ee8917211d05f9138cf161047842e0eef8092
-
SHA512
ab1437393544f013de921187a66ea39040e42f5f77d4f061f6c7aed6322c3cc23e3912589d6ce34694a78b1996899098ed065dec9d93102041de4fc26baad363
Static task
static1
Behavioral task
behavioral1
Sample
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.bin.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.bin.exe
Resource
win10v200722
Malware Config
Extracted
C:\ProgramData\mpvxsxzo192\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.bin
-
Size
3.6MB
-
MD5
d5dcd28612f4d6ffca0cfeaefd606bcf
-
SHA1
cf60fa60d2f461dddfdfcebf16368e6b539cd9ba
-
SHA256
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf
-
SHA512
dbfcf464c3211b7454c406a9f9532c416910ac24ea862d7061e3503f294d690b4957020dcc703984449e0934c7a595cf9061412fa25383850dd86235648ac23b
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
JavaScript code in executable
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-