wannacry | 7ee0185acfc329af306c048d970c8dc841a08969778e1eb9f34dfd4e755749a1 | Triage

Submit
Reports

Overview

overview

Static

static

8

f933f20a90...ir.exe

windows7_x64

f933f20a90...ir.exe

windows10_x64

Sharing

General

Target

f933f20a904f7d2a2a127a1fb509f9a9.exe.vir
Size

292KB
Sample

211223-vbnvaacbdm
MD5

f933f20a904f7d2a2a127a1fb509f9a9
SHA1

86a8f94d43f484bf949ea428cbb98df1a72ce7e6
SHA256

7ee0185acfc329af306c048d970c8dc841a08969778e1eb9f34dfd4e755749a1
SHA512

de35e37ab10dac9cd25e4e8308e4928720eb89e9f70c4b42f3a33bce966e3ef2871d40afab8f029aa0bb41da9627b4014844060fc00c17a17828f829b0971b8d

Score

10^/10

wannacry discovery evasion miner persistence ransomware upx worm

Static task

static1

Behavioral task

behavioral1

Sample

f933f20a904f7d2a2a127a1fb509f9a9.exe.vir.exe

Resource

win7-en-20211208

wannacry discovery evasion miner persistence ransomware worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f933f20a904f7d2a2a127a1fb509f9a9.exe.vir.exe

Resource

win10-en-20211208

wannacry discovery evasion miner persistence ransomware upx worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f933f20a904f7d2a2a127a1fb509f9a9.exe.vir
- Size
  
  292KB
- MD5
  
  f933f20a904f7d2a2a127a1fb509f9a9
- SHA1
  
  86a8f94d43f484bf949ea428cbb98df1a72ce7e6
- SHA256
  
  7ee0185acfc329af306c048d970c8dc841a08969778e1eb9f34dfd4e755749a1
- SHA512
  
  de35e37ab10dac9cd25e4e8308e4928720eb89e9f70c4b42f3a33bce966e3ef2871d40afab8f029aa0bb41da9627b4014844060fc00c17a17828f829b0971b8d
Score

10^/10

wannacry discovery evasion miner persistence ransomware worm upx
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Clears Windows event logs
  evasion ransomware
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Indicator Removal on Host

Modify Registry

Hidden Files and Directories

Impair Defenses

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

wannacrydiscoveryevasionminerpersistenceransomwareworm

behavioral2

wannacrydiscoveryevasionminerpersistenceransomwareupxworm

© 2018-2024

Terms | Privacy