General
-
Target
Ransomware.WannaCry.zip
-
Size
122KB
-
Sample
220313-wht6bababn
-
MD5
6cb134babb891582d2b0f6c120779075
-
SHA1
2dc0b5c989f3f18f0b6428ff00cd9f010aaff5e9
-
SHA256
00bfcd61044cd8e1b12f8eb58e0be13bd8af5d814deb4f8e8466d3883cb53713
-
SHA512
6ab51cc71a0ac98da3536abaa050b9119a8b9b9cc01569e92c9351f212eb3c6a9b561713352a3ef4d5147555f9a247fc3315e4207b5b9b387a82206687a24335
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.WannaCry.zip
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
Ransomware.WannaCry.zip
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
Ransomware.WannaCry.zip
-
Size
122KB
-
MD5
6cb134babb891582d2b0f6c120779075
-
SHA1
2dc0b5c989f3f18f0b6428ff00cd9f010aaff5e9
-
SHA256
00bfcd61044cd8e1b12f8eb58e0be13bd8af5d814deb4f8e8466d3883cb53713
-
SHA512
6ab51cc71a0ac98da3536abaa050b9119a8b9b9cc01569e92c9351f212eb3c6a9b561713352a3ef4d5147555f9a247fc3315e4207b5b9b387a82206687a24335
Score10/10-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-