Overview

overview

10

Static

static

09a46b3e1b...fa.exe

windows7_x64

10

09a46b3e1b...fa.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa.7z

  • Size

    3.3MB

  • Sample

    220404-phm9faeed2

  • MD5

    6ff4c46cd13d55514bd3fecce6bdfd37

  • SHA1

    a1cbc33335e8496bf43fc0639d7d3f6189783ed8

  • SHA256

    dc52a479a7ab7e1de5f982e528f90e098fed541cbf24074aa4358c4b00428a4c

  • SHA512

    c46ea11505183357f383e2f24d5d761b3cacdbf73d0fc4b32c07d92e417982e2f6c42a33d7ec479af71f91b39d01e60d57b140c1adde8a790bfdccf0b07ab2c4

Score
10/10
wannacrydiscoverypersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

    • Target

      09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa.bin

    • Size

      3.4MB

    • MD5

      509c41ec97bb81b0567b059aa2f50fe8

    • SHA1

      87420a2791d18dad3f18be436045280a4cc16fc4

    • SHA256

      09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa

    • SHA512

      fa7e6863f5f00ea73a09a8ab71937cf29094695a250c7510983d81d51e4775be4d417748b349f0a71f8d675a4943615b61c5dfdd0ad51d7402a9746c10ce1289

    Score
    10/10
    wannacrydiscoverypersistenceransomwarespywarestealerworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks