Analysis
-
max time kernel
4294361s -
max time network
304s -
platform
windows7_x64 -
resource
win7-20220223-en -
submitted
07-03-2022 20:35
General
-
Target
mssecsvc.exe
-
Size
3.6MB
-
MD5
07f0244944f38d57debcef6cc1b3d428
-
SHA1
046a14767c91d2c5b62e0dd1631651ee405d107f
-
SHA256
28b7db359e2fe815614e05871dd192d82b2a2d9ab2b3f9a34faaa92fd0d1b055
-
SHA512
cd823ba15213973098a5cc4e0d2ffbd5df24fb5f4fba670ee436a268f6ac68553beef8c01f25a33d66f0ee2ffc35590580b37610b1d7fcffe651fad87c236d2a
Score
10/10
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe"C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\mssecsvc.exeC:\Users\Admin\AppData\Local\Temp\mssecsvc.exe -m security1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\tasksche.exeMD5
aefdbea94a569f2c339071655dc31e0b
SHA1b8f42860730b20e4f52e29dd025ac9e69a1e266b
SHA256b70ceaeba4e784ab4914916460c1772d0cea9726e7c6649d501480a7560b9e9e
SHA512543c558969c417b3cbcdeb36fb1b14ab1f687b15b455e9ae414994dfa3c219dfdbd7b1c2039fd8164f70b895deecc08ecfd9f3ec65b3cbdacbd9292bea856af1
-
memory/1644-54-0x0000000076731000-0x0000000076733000-memory.dmpFilesize
8KB