General
Target: 5dfb5d45ed584b28ec54b07b3ce1259949cdec7cb28b83802fa0ce00efe6c286.sample
Size: 3.4MB
Sample: 210726-kml95tv9rx
MD5: becb013855d3df934d1f535593ae93b1
SHA1: 0279daa6d62b98f1be640afabe9b5f1727677f36
SHA256: 5dfb5d45ed584b28ec54b07b3ce1259949cdec7cb28b83802fa0ce00efe6c286
SHA512: 711ec4325ffdb4d8666056ad493ae2fa6e0a7bf0b00758fd0af0873d133c6750de87f5036ec2770b47b78395b06d07e0d0c9b37dd58bfd2dadb094e05af4a584
Static task: static1
Behavioral task: behavioral1
Sample: 5dfb5d45ed584b28ec54b07b3ce1259949cdec7cb28b83802fa0ce00efe6c286.sample.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 5dfb5d45ed584b28ec54b07b3ce1259949cdec7cb28b83802fa0ce00efe6c286.sample.exe
Resource: win10v20210410
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target: 5dfb5d45ed584b28ec54b07b3ce1259949cdec7cb28b83802fa0ce00efe6c286.sample
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry