General
-
Target
Spin the Bottle VIP AREA & MORE!.txt
-
Size
95B
-
Sample
220902-waa3gacdc6
-
MD5
04001a54082f4d894a999d8f33997cef
-
SHA1
e666e0e92260a683cb3429ea1144693915778d5f
-
SHA256
23f81d5ec379edc9c5deb9fdbd5a87049879baa96063ffd32611b6f99c5f31da
-
SHA512
af888003336d94b8d41598a6731eedfae686f8b95b14216d70e22b0b59c686dfc55ae688c27731dcddd6108862e29f31e5fa155bb36c910e1620fe7b12cda03d
Static task
static1
Behavioral task
behavioral1
Sample
Spin the Bottle VIP AREA & MORE!.txt
Resource
win7-20220901-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
Spin the Bottle VIP AREA & MORE!.txt
-
Size
95B
-
MD5
04001a54082f4d894a999d8f33997cef
-
SHA1
e666e0e92260a683cb3429ea1144693915778d5f
-
SHA256
23f81d5ec379edc9c5deb9fdbd5a87049879baa96063ffd32611b6f99c5f31da
-
SHA512
af888003336d94b8d41598a6731eedfae686f8b95b14216d70e22b0b59c686dfc55ae688c27731dcddd6108862e29f31e5fa155bb36c910e1620fe7b12cda03d
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-