General
Target: sample1_BINFILE.zip
Size: 3.3MB
Sample: 211026-pxvxtshdf8
MD5: 18b1634000adb6ab37c92a5728098de6
SHA1: 63495049774b3f748492e6f0f76789313eca546c
SHA256: 943073c5dc8dc0a04d44490f47d05a645009038ebe11a55107471f23e15cdf7b
SHA512: 39b977b7b26eb0eed75d82d0ef6f300698d43b4fa1ad01684af822fd817811f3a59ad0c9d325f3530bf9f1c78c470bf455f8a8917e75c63fdd657a265801e084
Static task: static1

Behavioral task: behavioral1
Sample: db28ec41adb0407d75fd2e95cfbfee2ab8053700a78933e5091b7bc1741feea4.bin.sample.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: db28ec41adb0407d75fd2e95cfbfee2ab8053700a78933e5091b7bc1741feea4.bin.sample.exe
Resource: win11

Behavioral task: behavioral3
Sample: db28ec41adb0407d75fd2e95cfbfee2ab8053700a78933e5091b7bc1741feea4.bin.sample.exe
Resource: win10-en-20210920
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: db28ec41adb0407d75fd2e95cfbfee2ab8053700a78933e5091b7bc1741feea4.bin.sample
Size: 3.4MB
MD5: 8ca0780db84fa71fee7a6a3dec66fd57
SHA1: 096cc82acd58ea61a532c05e9bde7ed102cade40
SHA256: db28ec41adb0407d75fd2e95cfbfee2ab8053700a78933e5091b7bc1741feea4
SHA512: 273f93b62682158b06e28b553579c0b36ea60f25aec095827fda00f3fe2465f30fc07ca1b579bbbecbc3296a33555e862f675f3f70a4450f8205f8c5cb58235b

Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry