General
-
Target
test.exe
-
Size
8.2MB
-
Sample
220721-qp4qfagcal
-
MD5
48ce81057f649f147f1e085538538553
-
SHA1
ffde936dd42e10699407cba96df2a207d86949cb
-
SHA256
b092abc4a41c475c907938d54ddd1c1e22a50e4eac4306682d22f4af6e31f7d5
-
SHA512
58bdaa7e64c9172e30c694e9b9ea9c23925bff7784cb06de37eb8aef929cd88b50d2980ce63d5f5488602290b1b52d187b2491e718a7c4e1e9a1e2965228a5eb
Static task
static1
Behavioral task
behavioral1
Sample
test.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
test.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
test.exe
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-