wannacry | 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178 | Triage

Submit
Reports

Overview

overview

Static

static

7731861442...78.dll

windows7_x64

7731861442...78.dll

windows10-2004_x64

Sharing

General

Target

773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
Size

5.0MB
Sample

220201-gb2jgsaba2
MD5

0805cb0e64e34711530c95e58e38c11f
SHA1

69a8ba560ef1aad2b1bc7614c1de8ed22e19deb6
SHA256

773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
SHA512

92b54b1fdf484fe188659b40e14e40ce69a736ae7feb02cb8f165843a18a5d358bf76f7e383d6166961c90916563f308757b6e6ab47ac1c9da8007e33fa1ed1a

Score

10^/10

wannacry evasion persistence ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178.dll

Resource

win7-en-20211208

wannacry ransomware worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178.dll

Resource

win10v2004-en-20220112

wannacry evasion persistence ransomware worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
- Size
  
  5.0MB
- MD5
  
  0805cb0e64e34711530c95e58e38c11f
- SHA1
  
  69a8ba560ef1aad2b1bc7614c1de8ed22e19deb6
- SHA256
  
  773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
- SHA512
  
  92b54b1fdf484fe188659b40e14e40ce69a736ae7feb02cb8f165843a18a5d358bf76f7e383d6166961c90916563f308757b6e6ab47ac1c9da8007e33fa1ed1a
Score

10^/10

wannacry ransomware worm evasion persistence
- Modifies firewall policy service
  evasion
- Suspicious use of NtCreateProcessExOtherParentProcess
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacryevasionpersistenceransomwareworm

© 2018-2024

Terms | Privacy