General
Target: a10c266793dc6e62ee6947981991c736383eaacad5cfc028aad1f16748b83a25.zip
Size: 8.3MB
Sample: 220618-dhtknsecbr
MD5: de18db2dcae82b3ecc9cf9b536fb7944
SHA1: 9ac087ed998b7a6bd9e67019705e37bc6a5039dc
SHA256: 2e68ed0d3f1b6e4f879596fdb41c3cfd8313ab000623ceb835eaf183bdbf71b2
SHA512: a2be753911c0583c1ba32d6bda8f7be4a50baf9306eda9a15cf7775d9f1ddb492bf73812459a6361ffc492e7b8c4bba9fae6519a85542ae53e1e3c678b6e3ffd
Static task: static1
Behavioral task: behavioral1
Sample: a10c266793dc6e62ee6947981991c736383eaacad5cfc028aad1f16748b83a25.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: a10c266793dc6e62ee6947981991c736383eaacad5cfc028aad1f16748b83a25.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: a10c266793dc6e62ee6947981991c736383eaacad5cfc028aad1f16748b83a25.exe
Size: 8.5MB
MD5: 20bb338530bdc925158c4fcefa33848e
SHA1: f6ee865ab416a643a25c5779f9bddd90a03d8df4
SHA256: a10c266793dc6e62ee6947981991c736383eaacad5cfc028aad1f16748b83a25
SHA512: 9aab612a80b04d897c48da8ae0e1c137d9f75eee78cb7661a63e74f001452e0f566bfa8bc8263f8054cae004ac9251d7d8e6c38d1382758bbc30d811f2697f2e
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry