General
Target: c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9.sample
Size: 3.4MB
Sample: 210726-nts97x6kbx
MD5: 86721e64ffbd69aa6944b9672bcabb6d
SHA1: 8897c658c0373be54eeac23bbd4264687a141ae1
SHA256: c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9
SHA512: f1183abc511211b104adc1cb2586c4996ef2277621745b4e4e233f56534514b507ff26aa5be9776f91197a5c3ab4ba855a04e934bd56d39e779cbbbd40c9fe84
Static task: static1
Behavioral task: behavioral1
Sample: c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9.sample.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9.sample.exe
Resource: win10v20210408
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9.sample
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry