General
Target: new.exe
Size: 9.8MB
Sample: 220403-zq4aqshdbj
MD5: 4c6c9bb51f826de1b302bb2acb2fdeeb
SHA1: a1f0b36c27af652a91d3c2a6a7779dada6644812
SHA256: d0fbebc1151f2250ed9247d4664457c013c971d6f93f290159c1bbbd69b45567
SHA512: a8dfb800f8e4ab29062d2635dbdcc39102227d0c03f828499e615945cf773dba6b9972a889ca6b710c09c1a4e48cb2de0971ee2503323d6c00dee6955a3e5d1d
Static task
static1
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
1MPeTatAjrZTMH6kpeiHUPrDpgdRgvd7bD
Targets
Target: new.exe
XMRig Miner Payload
Executes dropped EXE
Stops running service(s)
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Modifies file permissions