General
Target: 94756c3e412425c99b27b4b02dac113fe291a750591fb98f1db95713bb59a6b2
Size: 9.8MB
Sample: 220328-vv5l5sggdr
MD5: 57d2f66c766cf46c3986677332fafec5
SHA1: c51ecb5e89595bb6c7b1333e03bcef388d472426
SHA256: 94756c3e412425c99b27b4b02dac113fe291a750591fb98f1db95713bb59a6b2
SHA512: 2360aa880fb32fd681d79da6fdbfc7fa598472eaa9ba7d20c186f27d92d7084b820da6e69db2eda075217c2553907ed56507c7538428374dc56c6dd91c9ec725
Static task: static1
Behavioral task: behavioral1
Sample: 94756c3e412425c99b27b4b02dac113fe291a750591fb98f1db95713bb59a6b2.exe
Resource: win7-20220311-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
1MPeTatAjrZTMH6kpeiHUPrDpgdRgvd7bD
Targets
Target
94756c3e412425c99b27b4b02dac113fe291a750591fb98f1db95713bb59a6b2
- XMRig Miner Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Sets desktop wallpaper using registry