General
-
Target
e5c117233e22d08a547c278ae7027815e22c196a083679126ab9646c781acb6c
-
Size
3.4MB
-
Sample
220129-al9vaahch5
-
MD5
2302249413a30684bea3951115d32630
-
SHA1
c7c1fa9be094f5e0f0579e53a1892c57c7eec028
-
SHA256
e5c117233e22d08a547c278ae7027815e22c196a083679126ab9646c781acb6c
-
SHA512
7ae6baeb31837628676a8b683adb9162511738f2f10d5707e9161e0e71ef3503d8360736932fad5d2624277402c8e235b9eebcf4001fcc8d7ba781e8db8d684c
Static task
static1
Behavioral task
behavioral1
Sample
e5c117233e22d08a547c278ae7027815e22c196a083679126ab9646c781acb6c.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Sets desktop wallpaper using registry
-