Overview

overview

10

Static

static

new.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new.exe

  • Size

    9.8MB

  • Sample

    220403-1dg3eahffq

  • MD5

    a01de7d76f13821dd7186e4a19c9e285

  • SHA1

    efcf33ae8a21ef780f69dad366034856d67e5239

  • SHA256

    9c11d38a1c168bd65c13f194ba298aa34b875b82dbc7272e3aa2beb028f35dab

  • SHA512

    7599030125934a933ba1a304dab912170129ed8e15b526436c2a294296ab7fe6855aa2a46e8875eed43c9fb605748c151d79cc1257fd81b1be7542470d967737

Score
10/10
wannacryxmrigdiscoveryevasionminerransomwareupxworm

Malware Config

Targets

    • Target

      new.exe

    • Size

      9.8MB

    • MD5

      a01de7d76f13821dd7186e4a19c9e285

    • SHA1

      efcf33ae8a21ef780f69dad366034856d67e5239

    • SHA256

      9c11d38a1c168bd65c13f194ba298aa34b875b82dbc7272e3aa2beb028f35dab

    • SHA512

      7599030125934a933ba1a304dab912170129ed8e15b526436c2a294296ab7fe6855aa2a46e8875eed43c9fb605748c151d79cc1257fd81b1be7542470d967737

    Score
    10/10
    wannacryxmrigdiscoveryevasionminerransomwareupxworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks