General
-
Target
f02bf0ee736e9fee8372772e207c5ec83af23e0521f5e0346e15ea584b4e8e36.bin.sample
-
Size
3.5MB
-
Sample
211018-tpm98sdhb9
-
MD5
4677ad996f48b802b2ef1e9b64901504
-
SHA1
693e99b23094ddb01040f0577b78a0b56b34327c
-
SHA256
f02bf0ee736e9fee8372772e207c5ec83af23e0521f5e0346e15ea584b4e8e36
-
SHA512
aa1e97b13d82adf6ea2a91338ae2895c229f41082b6369af496213787617ec5614169a5923f2057668497e471c5ff720cdfbba39db2d8c0f8608efeab9598a3d
Static task
static1
Behavioral task
behavioral1
Sample
f02bf0ee736e9fee8372772e207c5ec83af23e0521f5e0346e15ea584b4e8e36.bin.sample.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
Target
f02bf0ee736e9fee8372772e207c5ec83af23e0521f5e0346e15ea584b4e8e36.bin.sample
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry