General
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazNIR0ZGMXk3ZlN3RjhzQUJQQ2ItRkJ6ckgzUXxBQ3Jtc0tuZlBOS2MyRENRTGx5V2RKVlllS3plSFNZaEk2cEs4UEI4S09jQlQ1SUFNeUc2ODB6OUljUFQ5ZDl2NEsyOHpIYlZRZWRXT2paeUZINmZNTm1QMndJdTN2S2FOalg5V28xS0Z4M3FrWEVrM01aSDBuaw&q=http%3A%2F%2Fwww.mediafire.com%2Ffile%2F9f8fds9s3efg7so%2FWannaCry_by_Rafael.rar%2Ffile
Sample
210724-hfvm3qllnj
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Resource
win10v20210410
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\7zOC85A8F76\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Suspicious use of NtCreateProcessExOtherParentProcess
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry