General
Target: 3.bat
Size: 3.3MB
Sample: 220827-v4e3vadham
MD5: 4e7075b559ca502cbe6d16e6d5414410
SHA1: 3a3102da812fe3a4da824a3e263a26b2fe06c61d
SHA256: e8a4db64b5c59c3c3f1cdebbb92d57e61e66eb4b29ce10f7802e49b5f4dabda3
SHA512: 99738d2fcc3e20001b0ea21faa43bb2a22cf707c184925a3bc89af6e462694fba931c3a17c154b9c804ed63732de530d2fa0673cca38603e4519cbc782212ed6
SSDEEP: 98304:jkdRAcYvqWgnEmY0L+2BNkIMEmbYrlWqsqvQuHhOs+C:jkyonSSNkIMEmbYJdvQuHhOs+C
Static task
static1
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
Target:
Size: 3.4MB
MD5: 84c82835a5d21bbcf75a61706d8ab549
SHA1: 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512: 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
SSDEEP: 98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Sets desktop wallpaper using registry