General
-
Target
silent_vira.exe
-
Size
8.5MB
-
Sample
220617-ltbg8seab7
-
MD5
20bb338530bdc925158c4fcefa33848e
-
SHA1
f6ee865ab416a643a25c5779f9bddd90a03d8df4
-
SHA256
a10c266793dc6e62ee6947981991c736383eaacad5cfc028aad1f16748b83a25
-
SHA512
9aab612a80b04d897c48da8ae0e1c137d9f75eee78cb7661a63e74f001452e0f566bfa8bc8263f8054cae004ac9251d7d8e6c38d1382758bbc30d811f2697f2e
Static task
static1
Behavioral task
behavioral1
Sample
silent_vira.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
silent_vira.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
Target
silent_vira.exe
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-