wannacry | 42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a | Triage

Submit
Reports

Overview

overview

Static

static

42a7636248...2a.exe

windows7_x64

42a7636248...2a.exe

windows10-2004_x64

Sharing

General

Target

42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a
Size

2.3MB
Sample

220708-b9f3jscdck
MD5

7b4f33a283fc64db1227f5d82db91a59
SHA1

f32ae945c419e09e3320686f2b9b419c346d76a3
SHA256

42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a
SHA512

7c59bc1028115acbda27245a8f14638892a3fbae1ac409ec62448f9ad580fd3051bdaef751b7d8f6e81df80a23098201de386082e229a768a6142a514ee85511

Score

10^/10

wannacry xmrig evasion miner ransomware upx worm

Static task

static1

Behavioral task

behavioral1

Sample

42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a.exe

Resource

win7-20220414-en

wannacry xmrig evasion miner ransomware upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a.exe

Resource

win10v2004-20220414-en

wannacry xmrig evasion miner ransomware upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a
- Size
  
  2.3MB
- MD5
  
  7b4f33a283fc64db1227f5d82db91a59
- SHA1
  
  f32ae945c419e09e3320686f2b9b419c346d76a3
- SHA256
  
  42a7636248e5972bf5c790eb5c13f93716821d4606644adf0b18a26826179f2a
- SHA512
  
  7c59bc1028115acbda27245a8f14638892a3fbae1ac409ec62448f9ad580fd3051bdaef751b7d8f6e81df80a23098201de386082e229a768a6142a514ee85511
Score

10^/10

wannacry xmrig evasion miner ransomware upx worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- XMRig Miner payload
  miner
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

wannacryxmrigevasionminerransomwareupxworm

behavioral2

wannacryxmrigevasionminerransomwareupxworm

© 2018-2024

Terms | Privacy