Analysis
-
max time kernel
191s -
max time network
203s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-06-2022 05:37
Static task
static1
Behavioral task
behavioral1
Sample
bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe
Resource
win10v2004-20220414-en
General
-
Target
bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe
-
Size
2.2MB
-
MD5
6bfa175e3cbd626ef26394826edb0fdf
-
SHA1
5baaa75467b69d3ead87a6123512e56d78377940
-
SHA256
bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3
-
SHA512
70bffc468c6aae80ddf98c1e54097b3a3e1278c7fa118b28d4116ba95a1d769b4d622586d946b7ec62002539bf0915badeaeb164e0419c5e618262fbb3c432f6
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2562) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
Processes:
bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exedescription ioc process File created C:\WINDOWS\tasksche.exe bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe -
Modifies data under HKEY_USERS 5 IoCs
Processes:
bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe"C:\Users\Admin\AppData\Local\Temp\bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe"1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exeC:\Users\Admin\AppData\Local\Temp\bd3e9d2bd72e399554ba0588778b179e94c3179f7ff32b9c7cdd542731247ff3.exe -m security1⤵
- Modifies data under HKEY_USERS