General
-
Target
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.zip
-
Size
136KB
-
Sample
220824-r4qb2aegdn
-
MD5
f00d7fabef4ae84f088b7aa072cb530b
-
SHA1
0908b2867adbf4cd769d1fb9dda5b95438515e68
-
SHA256
c13e4b910efd039bd609f939e9c75f5afdefbd297d6f6bb441bf51e11dfe2b21
-
SHA512
00b3a97a1c6f7e16b68134447f59f075b280aafa3973da6d99121db96d1ee5734e68a395c88b1106bc36e60e1af5e54c8311c5f5adebcdc2236f8dfeee3634d4
-
SSDEEP
3072:WTpRTt+G99RgFl9kD61BOuLpm0MGOyni4g9OTU0K7KsKOuu1p6DuqRIlUvvoR3Z7:Y/9RgFl9bDuqGyvvoRJGRJRRJLRJuOlS
Static task
static1
Behavioral task
behavioral1
Sample
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.zip
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.zip
Resource
win10v2004-20220812-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.zip
-
Size
136KB
-
MD5
f00d7fabef4ae84f088b7aa072cb530b
-
SHA1
0908b2867adbf4cd769d1fb9dda5b95438515e68
-
SHA256
c13e4b910efd039bd609f939e9c75f5afdefbd297d6f6bb441bf51e11dfe2b21
-
SHA512
00b3a97a1c6f7e16b68134447f59f075b280aafa3973da6d99121db96d1ee5734e68a395c88b1106bc36e60e1af5e54c8311c5f5adebcdc2236f8dfeee3634d4
-
SSDEEP
3072:WTpRTt+G99RgFl9kD61BOuLpm0MGOyni4g9OTU0K7KsKOuu1p6DuqRIlUvvoR3Z7:Y/9RgFl9bDuqGyvvoRJGRJRRJLRJuOlS
Score10/10-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-