Overview

overview

10

Static

static

578faa50a3...ce.dll

windows7-x64

10

578faa50a3...ce.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2022 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    578faa50a3077ece4cdee7cffa2ab0ce.dll

  • Size

    5.0MB

  • MD5

    578faa50a3077ece4cdee7cffa2ab0ce

  • SHA1

    7aee2447567695ea6e557910e196e691137ecc06

  • SHA256

    d40f08d685dd1eb56588e26f957f1f8a9edca5108ec544b49cdb0f2a7ef63088

  • SHA512

    dc2b246a17282430347a1dd6aaeeb2848c199918860735121d2aaf2ef605fd07a49431fd360bbda452bf2036feb67059c3e15118f38f08fe5d2e5a9dbff21b5e

Score
10/10
wannacryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\578faa50a3077ece4cdee7cffa2ab0ce.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\578faa50a3077ece4cdee7cffa2ab0ce.dll,#1
      2⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1284
      • C:\WINDOWS\mssecsvc.exe
        C:\WINDOWS\mssecsvc.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:988
        • C:\WINDOWS\tasksche.exe
          C:\WINDOWS\tasksche.exe /i
          4⤵
          • Executes dropped EXE
          PID:1188
  • C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe -m security
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\mssecsvc.exe
    Filesize

    3.6MB

    MD5

    aa6dceaa71386d5c7594856429223c8d

    SHA1

    6dba170ec0004fb6951f4260059f5b038bce77f2

    SHA256

    90068ef120ee87d69f75fb29e2440d42cae87428b790ef50510952487c926b1f

    SHA512

    c6cf4d6947d252f24682255ec01a2acf2d3226eb00c07ef98c9856314d2ed939e80a4548b2cba169de4f6b74e7ee45b3bcf16ea98e65c95175cf76065d4e4064

    Download Submit

  • C:\Windows\mssecsvc.exe
    Filesize

    3.6MB

    MD5

    aa6dceaa71386d5c7594856429223c8d

    SHA1

    6dba170ec0004fb6951f4260059f5b038bce77f2

    SHA256

    90068ef120ee87d69f75fb29e2440d42cae87428b790ef50510952487c926b1f

    SHA512

    c6cf4d6947d252f24682255ec01a2acf2d3226eb00c07ef98c9856314d2ed939e80a4548b2cba169de4f6b74e7ee45b3bcf16ea98e65c95175cf76065d4e4064

    Download Submit

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    6a7a4f797977e9246f8a448c842eee34

    SHA1

    f82dd7f17ba1a5163eb49b90be53c35bc7249308

    SHA256

    8e3f98bd9a2e58120986ad4d692ece036d7cadf4c171cdd9f469990cf9d62cf5

    SHA512

    72ccd69a8e0dae286f9a84a9c8aeba2e5cc05710a08234e2c4ead82e8cf6150dcdb5ab34729b806a91010ae5d4eea0c43e4ed70771430b60e5e55ec3c6796709

    Download Submit

  • memory/988-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1284-54-0x0000000000000000-mapping.dmp

    Download

  • memory/1284-55-0x0000000076681000-0x0000000076683000-memory.dmp

    Filesize

    8KB

    Download