Overview

overview

10

Static

static

new.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new.exe

  • Size

    9.8MB

  • Sample

    220403-z8qglahfbl

  • MD5

    fdc683e81c2750785441f5e0e4ec2144

  • SHA1

    8bbf694ab9ea54f746f63c4f0706f1642cf44773

  • SHA256

    40e291dbe2f1b4058f21a3cdd8e742e3253aa8a8f62df2db4b6c78705d4062c5

  • SHA512

    52600f9f736c0f053cb18b2572052d5e6628dd9b0490ae79cc1c83a0199062f73eb522090a06910725e9e4d94846a8428cecd4b232d1d1f83f0d8033a39ae924

Score
10/10
wannacrydiscoveryevasionransomwareupxworm

Malware Config

Targets

    • Target

      new.exe

    • Size

      9.8MB

    • MD5

      fdc683e81c2750785441f5e0e4ec2144

    • SHA1

      8bbf694ab9ea54f746f63c4f0706f1642cf44773

    • SHA256

      40e291dbe2f1b4058f21a3cdd8e742e3253aa8a8f62df2db4b6c78705d4062c5

    • SHA512

      52600f9f736c0f053cb18b2572052d5e6628dd9b0490ae79cc1c83a0199062f73eb522090a06910725e9e4d94846a8428cecd4b232d1d1f83f0d8033a39ae924

    Score
    10/10
    wannacrydiscoveryevasionransomwareupxworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks