General
-
Target
4fb3620ac1202564b48d960457545ce9686dec1f73a54be89a4bfee8e537c60b
-
Size
3.6MB
-
Sample
220325-1venlschb4
-
MD5
9d33083550369313213b538d99fca3f7
-
SHA1
7283ba158ab099d9e207a41579f6f2ebc37e64e7
-
SHA256
4fb3620ac1202564b48d960457545ce9686dec1f73a54be89a4bfee8e537c60b
-
SHA512
c205f10536e5d3e92325d397927be8968f3fedf857ca054daff456f38830374dd2dfc0d542ce1292b7d2161ddbd5c5431572cb73f15a6f76a54e75b600b673c1
Static task
static1
Behavioral task
behavioral1
Sample
4fb3620ac1202564b48d960457545ce9686dec1f73a54be89a4bfee8e537c60b.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
4fb3620ac1202564b48d960457545ce9686dec1f73a54be89a4bfee8e537c60b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-