General
Target: d8a9879a99ac7b12e63e6bcae7f965fbf1b63d892a8649ab1d6b08ce711f7127
Size: 3.4MB
Sample: 220124-dq81bsbadl
MD5: 2b4e8612d9f8cdcf520a8b2e42779ffa
SHA1: ae7113dd9a65a7be186d1982b02e16decda7eb80
SHA256: d8a9879a99ac7b12e63e6bcae7f965fbf1b63d892a8649ab1d6b08ce711f7127
SHA512: 05959d59b55f6ecf87eb274cb6084f33ffc4742346d1ed67209e5949b23f3480b3b4bb4a8d9d9e8c5a63c07cbe9444f5028f096ec258bb8603a282f803364654
Static task: static1
Behavioral task: behavioral1
Sample: d8a9879a99ac7b12e63e6bcae7f965fbf1b63d892a8649ab1d6b08ce711f7127.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: d8a9879a99ac7b12e63e6bcae7f965fbf1b63d892a8649ab1d6b08ce711f7127.exe
Resource: win10-en-20211208
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-