General
Target: WannaHappy.exe
Size: 220KB
Sample: 210213-sljee9nq2s
MD5: fa187b42e289bbc3fe867ad23fa1a19c
SHA1: ecd00be8d18551267445e8777522c92591a45419
SHA256: c609f8ade568e817601f912dc17cc1e00bd684d212a934533eaa588b2834a860
SHA512: fb57e94ebe15b4ab732e52e3081c0607a770e3b879440c3a764e019646cb60f393fdd55cdb6e47836fa08a85a1d001e907121a786d172613527c04dc9b3a693c
Static task: static1
Behavioral task: behavioral1
  Sample: WannaHappy.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: WannaHappy.exe
  Resource: win10v20201028
Malware Config
Targets
Target: WannaHappy.exe
Score: 10/10
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
- Drops desktop.ini file(s)
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Sets desktop wallpaper using registry