Overview
General
-
Target
WannaCry.7z
-
Size
81.8MB
-
Sample
201226-4cfq4gn5a2
-
MD5
0ef6a4c8e7a818e81ed5053275545d7a
-
SHA1
896ad9f448388b0d0311a6f4488aa081e970bca0
-
SHA256
edd1fbcf42000838a7cb6bc32d4f41d8c2f894c0e749f0239b238d0432d0bf92
-
SHA512
21cab89ae8bb2f1d5d2fea9d0d6f3bebc2c3157876cd17328f7dafc13ee8e56dd34cc0afef87fadc90540dad25f41d54889da2dc9eccd9c6eaa20ae2d2dd5314
Static task
static1
Behavioral task
behavioral1
Sample
WannaCry/HEUR.Trojan-Downloader.Win32.Generic.02c5f1515bf42798728fac17bfe1e4c1.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
WannaCry/HEUR.Trojan-Downloader.Win32.Generic.02c5f1515bf42798728fac17bfe1e4c1.dll
Resource
win10v20201028
Behavioral task
behavioral3
Sample
WannaCry/HEUR.Trojan.Win32.Generic.fc4bb3140f35cc8abd681b63096e7b81.dll
Resource
win7v20201028
Behavioral task
behavioral4
Sample
WannaCry/HEUR.Trojan.Win32.Generic.fc4bb3140f35cc8abd681b63096e7b81.dll
Resource
win10v20201028
Behavioral task
behavioral5
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.01bdc6fb077098f4a3b60f4b0e479a7f.dll
Resource
win7v20201028
Behavioral task
behavioral6
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.01bdc6fb077098f4a3b60f4b0e479a7f.dll
Resource
win10v20201028
Behavioral task
behavioral7
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.033f9150e241e7accecb60d849481871.dll
Resource
win7v20201028
Behavioral task
behavioral8
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.033f9150e241e7accecb60d849481871.dll
Resource
win10v20201028
Behavioral task
behavioral9
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.0ab2aeda90221832167e5127332dd702.dll
Resource
win7v20201028
Behavioral task
behavioral10
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.0ab2aeda90221832167e5127332dd702.dll
Resource
win10v20201028
Behavioral task
behavioral11
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.0ab9a60a55cb40fc338e8f4988feee2f.dll
Resource
win7v20201028
Behavioral task
behavioral12
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.0ab9a60a55cb40fc338e8f4988feee2f.dll
Resource
win10v20201028
Behavioral task
behavioral13
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.0d95f3f64e7782ec7acd3a1b76c276a6.dll
Resource
win7v20201028
Behavioral task
behavioral14
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.0d95f3f64e7782ec7acd3a1b76c276a6.dll
Resource
win10v20201028
Behavioral task
behavioral15
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.106e21fb736cb4e7a18a1746ef18e03f.dll
Resource
win7v20201028
Behavioral task
behavioral16
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.106e21fb736cb4e7a18a1746ef18e03f.dll
Resource
win10v20201028
Behavioral task
behavioral17
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.1147f2c00d4bfd70169fe034c5965066.dll
Resource
win7v20201028
Behavioral task
behavioral18
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.1147f2c00d4bfd70169fe034c5965066.dll
Resource
win10v20201028
Behavioral task
behavioral19
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.12cb506898dac8a271c8b940a9a3dfba.dll
Resource
win7v20201028
Behavioral task
behavioral20
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.12cb506898dac8a271c8b940a9a3dfba.dll
Resource
win10v20201028
Behavioral task
behavioral21
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.1d6958990c8c4f5b9b93efa692b84937.dll
Resource
win7v20201028
Behavioral task
behavioral22
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.1d6958990c8c4f5b9b93efa692b84937.dll
Resource
win10v20201028
Behavioral task
behavioral23
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.1e8e8eb9b0c25208b5c83be09430c010.dll
Resource
win7v20201028
Behavioral task
behavioral24
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.1e8e8eb9b0c25208b5c83be09430c010.dll
Resource
win10v20201028
Behavioral task
behavioral25
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.29a9dd686f08aacddacc43a0c57215f2.dll
Resource
win7v20201028
Behavioral task
behavioral26
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.29a9dd686f08aacddacc43a0c57215f2.dll
Resource
win10v20201028
Behavioral task
behavioral27
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.2a13081acf353142a3e792683520cfaf.dll
Resource
win7v20201028
Behavioral task
behavioral28
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.2a13081acf353142a3e792683520cfaf.dll
Resource
win10v20201028
Behavioral task
behavioral29
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.2e5a8ac5174219bcb08d7449e43b1440.dll
Resource
win7v20201028
Behavioral task
behavioral30
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.2e5a8ac5174219bcb08d7449e43b1440.dll
Resource
win10v20201028
Behavioral task
behavioral31
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.2f76b88b420003516f90062940ef7881.dll
Resource
win7v20201028
Behavioral task
behavioral32
Sample
WannaCry/Trojan-Ransom.Win32.Wanna.m.2f76b88b420003516f90062940ef7881.dll
Resource
win10v20201028
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
Target
WannaCry/HEUR.Trojan-Downloader.Win32.Generic.02c5f1515bf42798728fac17bfe1e4c1
-
Size
69KB
-
MD5
02c5f1515bf42798728fac17bfe1e4c1
-
SHA1
3ec5ae59a7182bb8444e858e8cb0c853da5f583e
-
SHA256
532f2872fa75cf8b0d8d206955478324a4d23b8c88d7f3a93e567a962806ef9d
-
SHA512
415d717dd59e30d1aa1ba48c08af52c44edd6ce879ac18eb9b57b74d274e4462836068bf14ac3a6dc3f1fe7fe799abe9ac711d95dada78073cb96d8ce2264b19
Score 1/10
-
Target
WannaCry/HEUR.Trojan.Win32.Generic.fc4bb3140f35cc8abd681b63096e7b81
-
Size
5KB
-
MD5
fc4bb3140f35cc8abd681b63096e7b81
-
SHA1
0946eff5c8cb8bca76dc0702e15076a332929439
-
SHA256
89c3af5318ed0d9de1f320f94152a6730a6a3cbef53593e2a23765da015132d9
-
SHA512
8848e247ece3f51de90c35b93902b46ae4099f611a056b2cf4431f7251296939647f1b964b948a578cba2aa74b4b4123a7a2e05e696e9941eecdb3aebf11be29
Score 10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Use of msiexec (install) with remote resource
-
Suspicious use of SetThreadContext
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.01bdc6fb077098f4a3b60f4b0e479a7f
-
Size
5.0MB
-
MD5
01bdc6fb077098f4a3b60f4b0e479a7f
-
SHA1
61acc362327a7df8f7672b905c62414f769beb61
-
SHA256
35c0e0c0e70565cfdc78ac708e122c2f65059ea337216418d674a343da90927e
-
SHA512
1c1adcf76854c615cd80ff489845c3261ff3de5f6dd1374527cdd5e00ecb0510a4a03df554f4299dd786d8d3abc6a3f7ad9ecda3cfed6e19b00c6cf30321bab5
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.033f9150e241e7accecb60d849481871
-
Size
5.0MB
-
MD5
033f9150e241e7accecb60d849481871
-
SHA1
09067fd23539df1ece704a92b2dca8e32f20f7c8
-
SHA256
5013a9fc3766f0c065d44c9f6a6a8c0101811d7df4860dd50cf627a0d28ed007
-
SHA512
e08d2eb9edacbda6dfc7b2a153eaa7f38fe967876df28230e0cc88d3511d8f867f32314f49e761f402d1ff6f10fb411546ca549d855d9676992788670d512015
Score 10/10
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.0ab2aeda90221832167e5127332dd702
-
Size
5.0MB
-
MD5
0ab2aeda90221832167e5127332dd702
-
SHA1
f370045d8ac3f4ba78acf8bfe4c4d35758d5ea05
-
SHA256
64bb708b31b4b043018457c1098465ea83da7d6408c7029b2f68c333fc25891c
-
SHA512
8062093734b11fdd2a8650bfcbc22f36aa679103e7a7ebee74db1ecfcdbf9d9bf76d105f395308db713746dbadacc5796db85ab883a4187587f03b2d3cf7b75b
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.0ab9a60a55cb40fc338e8f4988feee2f
-
Size
5.0MB
-
MD5
0ab9a60a55cb40fc338e8f4988feee2f
-
SHA1
40b02f6f1d79200e8c2cca3123f08994b06cc0cf
-
SHA256
8fb8affd012c7c103942c3c544ca7a2e31375428bb6cd17fbd49a6be08e47103
-
SHA512
ccf39f7923768037e823a5f3ddfc0895bb244c35a39d5199cbcd6a830e1544c56e3aa322cf7ede0fa8332ce6925a01755c9e1606dddb308c5e6f63b855e2ae11
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.0d95f3f64e7782ec7acd3a1b76c276a6
-
Size
5.0MB
-
MD5
0d95f3f64e7782ec7acd3a1b76c276a6
-
SHA1
c9301e03c44831417d5afad96921e565577c08cf
-
SHA256
0b352401619b8b6375dd37ba94a8b73526f428631ac12145858a94ce354b5ddc
-
SHA512
2e0c5066169488d18fe4dd4981e90066ddf66ab0aa2dab41aecd0e444e595894bd418ab896503d4b2fbee98f9c13506911561e11f881117a74e9e1017eca6eb0
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.106e21fb736cb4e7a18a1746ef18e03f
-
Size
5.0MB
-
MD5
106e21fb736cb4e7a18a1746ef18e03f
-
SHA1
77a6da4aba3f6f0f8da2d5a5d646d295ca0fb088
-
SHA256
54d4b7ac7bafcf657cceb0ba8231d287065a1da82f9cc8dbf4077be950bf3d8e
-
SHA512
0056a56bb4a95743232034ea6db0fe692c43751c4854b1695cf82989be82c987e64fa48448cc07516409f3e50c0ae9c0b6ccefb37b504cc3f7a05334a5f6e7cb
Score 10/10
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.1147f2c00d4bfd70169fe034c5965066
-
Size
5.0MB
-
MD5
1147f2c00d4bfd70169fe034c5965066
-
SHA1
9980fd5980bd588e0208b3bfd369ce2736a808b8
-
SHA256
9b96dfe280eea60d7b0c309cdf41828f486f4f4d541953874763fdd81d5fb2ef
-
SHA512
2e16bdf113d151397b3b4ffe1cdba6c4dbe9fdfc126e9095c2d2c97cf4261d45354dccfc6ceaa0b4a46e58b54d8b4ccd607f536b324af7c155e2564a315b7081
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.12cb506898dac8a271c8b940a9a3dfba
-
Size
5.0MB
-
MD5
12cb506898dac8a271c8b940a9a3dfba
-
SHA1
9c725b90c61f8c50d8f43e3f353e2874e9e8297b
-
SHA256
06397866c0315d894b742ff60416ca0c734344d9586752a6ee35279bb2907cd0
-
SHA512
03c1eb1f3d4232e08a718feb48b87535be6fba7aba752fed909d4933e9654ee1fa3a6909eaf5da312dfe6e16d1c33433f0b11f840d6e3559652b6e98ebc05589
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.1d6958990c8c4f5b9b93efa692b84937
-
Size
5.0MB
-
MD5
1d6958990c8c4f5b9b93efa692b84937
-
SHA1
58bc6052ee6a13dc4711ca73df029a694f6e7239
-
SHA256
716954bdf4ef6882a71c8f2aa3981190da7777b50a3988069bb68eed17c7ddc8
-
SHA512
cb1445e197763d3ae28e8b7186a5f57cd8f34cbcba7c627d7004eb6dddbca67526ae721aff62d26c21b3585c0caef698b236194c90619c970099a5eced8d2682
Score 10/10
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.1e8e8eb9b0c25208b5c83be09430c010
-
Size
5.0MB
-
MD5
1e8e8eb9b0c25208b5c83be09430c010
-
SHA1
be0ed07c7ec11f091b5a351bde73f78458d8c8e3
-
SHA256
ba40208a38500e7c001fede2b264ae758e115750c80384f67ed4163edc5d2644
-
SHA512
51ea750fa7e9a0b3ef8e9088e70ade172a80a860a471a1cbce004628ab6866fbe882d7f1091da9c169473751defb826045bfc5aef227d9d8c85a14d0c217a8dc
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.29a9dd686f08aacddacc43a0c57215f2
-
Size
5.0MB
-
MD5
29a9dd686f08aacddacc43a0c57215f2
-
SHA1
3ed8902c24568adafc3ac35d9b4c92ba02406e8c
-
SHA256
02e4a7ebf81840f41a3c8b5e330a37977b7783120ed12deca77d30825266810d
-
SHA512
28234611882e8facdb6feb0072d72d4c8790d57a2b5eba33074f914a0a04ee4d95f50a4c9038c04526db37b5678e5d53363fb3f0ea168e13d948aa950e0fc4d4
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.2a13081acf353142a3e792683520cfaf
-
Size
5.0MB
-
MD5
2a13081acf353142a3e792683520cfaf
-
SHA1
9ced5f6260a5b508a6226693936a7d8f2308db27
-
SHA256
4c44d1c79e5f6f15d7dd3416f79e4fadb669c32615ab234767b506a8116e44f0
-
SHA512
ab9cee7fa2c4ee3a58031a82ea275c13d72a0399c2cc889170715e334cff8760be7fd8ee90a77128cdacbf4c6f3538f391f5c9d595653be24cfa0dacb947a210
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.2e5a8ac5174219bcb08d7449e43b1440
-
Size
5.0MB
-
MD5
2e5a8ac5174219bcb08d7449e43b1440
-
SHA1
85b598ce3a40735b1dbb489decfae29ff2bcf319
-
SHA256
f83fb171610f8e38b41401f44c58d3448966fb5a15dedc04a8a015d6d6ac6767
-
SHA512
2a66da1f7ae9a007276499bbd025a760897a98a7a315225b555f89c63889e90e1f4415c4e434f5097c441d9d7cf1a6b61a24c03936a0f2b84b7ae4cc6f006eec
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
Target
WannaCry/Trojan-Ransom.Win32.Wanna.m.2f76b88b420003516f90062940ef7881
-
Size
5.0MB
-
MD5
2f76b88b420003516f90062940ef7881
-
SHA1
08b943a7b7f4d368ed0c66afa4c98087be5efd4b
-
SHA256
1c4a7589d26c97c38d4f826242b6740b35441e43ddd7394d399dbf94ab868483
-
SHA512
b3e9d92ec825adbb0cc05d65515a89c16b8af05b0dbaebca4f347d4c1e445c3722b0331be495c3eba0eeb0cb610b4fc60525b81ca1b97e50a27363870cc6596c
Score 10/10
-
Executes dropped EXE
-
Drops file in System32 directory