Overview

overview

10

Static

static

new.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new.exe

  • Size

    9.8MB

  • Sample

    220403-17k16aebd5

  • MD5

    a06dcb84939f4fdaaca12c842c13d04d

  • SHA1

    61fcb9900db51f8c921f563310b1f8739410b612

  • SHA256

    72908c0c13285d9deda26eb1d0359490979c53ee19897556a8e1db38c4de9847

  • SHA512

    872a9642f650bf57e75a5e9028a5832766320325861e03fe24a56b65db8c0debd4a98a99fd103587ab9bd136bc6dd474d9569ee2024aa81d49b34aef31761f90

Score
10/10
wannacryxmrigdiscoveryevasionminerransomwareupxworm

Malware Config

Targets

    • Target

      new.exe

    • Size

      9.8MB

    • MD5

      a06dcb84939f4fdaaca12c842c13d04d

    • SHA1

      61fcb9900db51f8c921f563310b1f8739410b612

    • SHA256

      72908c0c13285d9deda26eb1d0359490979c53ee19897556a8e1db38c4de9847

    • SHA512

      872a9642f650bf57e75a5e9028a5832766320325861e03fe24a56b65db8c0debd4a98a99fd103587ab9bd136bc6dd474d9569ee2024aa81d49b34aef31761f90

    Score
    10/10
    wannacryxmrigdiscoveryevasionminerransomwareupxworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks