General
-
Target
aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c
-
Size
4.3MB
-
Sample
220825-ap3kdaeaf9
-
MD5
4da1f312a214c07143abeeafb695d904
-
SHA1
b629f072c9241fd2451f1cbca2290197e72a8f5e
-
SHA256
aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c
-
SHA512
0b3281132890039638bed1bd815261b6f6d6bc8bf63467d6a1cdd41f4de89e1d10b241a273378e5f5a1401ea10c0b2974f44a585c92ba15639d80c0501b258c9
-
SSDEEP
98304:zcI8HbSxeeqe5hXlpIyS+PiwTNl/iZ102q7O3cOtgP5HYPNtNO8/I04miT4RTMpK:zD28tqeDNPLTmZR4Ou5H8NbOR04g5MpK
Static task
static1
Behavioral task
behavioral1
Sample
aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c.exe
Resource
win10-20220812-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\!Please Read Me!.txt
wannacry
Targets
Score
10/10
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-