Analysis
- max time kernel: 151s
- max time network: 156s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 06-09-2022 21:30
Static task: static1
Behavioral task: behavioral1
- Sample: 1f7927f56bb9f080efc3be1c14ecaec6.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 1f7927f56bb9f080efc3be1c14ecaec6.exe
- Resource: win10v2004-20220812-en
General
- Target: 1f7927f56bb9f080efc3be1c14ecaec6.exe
- Size: 3.6MB
- MD5: 1f7927f56bb9f080efc3be1c14ecaec6
- SHA1: 388f8de9899ab370a45f9eb02a090364c38b22bb
- SHA256: 1c1dac9c49cddb95400342bae8b73ceac5c0c61a1b11a5e2b7e6b73b89cb40da
- SHA512: 75bd4aa1aefd5d25a4f28c33658ab06642c2f36af779759ea0dd4d5c6ba681b24e87e1549682ba9ef02e23bd49c2ad506ad28e3ccdc03957c3456cfa0e16cfe2
- SSDEEP: 49152:VnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9wAHI:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9BHI
Malware Config
Signatures
- Wannacry
  WannaCry is a ransomware cryptoworm.
- Contacts a large (1356) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Executes dropped EXE (1 IoCs)
  Processes: tasksche.exe
    pid: 804
    process: tasksche.exe
- Drops file in System32 directory (1 IoCs)
  Processes: 1f7927f56bb9f080efc3be1c14ecaec6.exe
    description: File opened for modification
    ioc: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
    process: 1f7927f56bb9f080efc3be1c14ecaec6.exe
- Drops file in Windows directory (1 IoCs)
  Processes: 1f7927f56bb9f080efc3be1c14ecaec6.exe
    description: File created
    ioc: C:\WINDOWS\tasksche.exe
    process: 1f7927f56bb9f080efc3be1c14ecaec6.exe
- Modifies data under HKEY_USERS (1 IoCs)
  Processes: 1f7927f56bb9f080efc3be1c14ecaec6.exe
    description: Key created
    ioc: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    process: 1f7927f56bb9f080efc3be1c14ecaec6.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\1f7927f56bb9f080efc3be1c14ecaec6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1f7927f56bb9f080efc3be1c14ecaec6.exe"
  - Drops file in Windows directory
  - C:\WINDOWS\tasksche.exe
    Command line: C:\WINDOWS\tasksche.exe /i
    - Executes dropped EXE
- C:\Users\Admin\AppData\Local\Temp\1f7927f56bb9f080efc3be1c14ecaec6.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\1f7927f56bb9f080efc3be1c14ecaec6.exe -m security
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Windows\tasksche.exe
  Filesize: 3.4MB
  MD5: 9e628c827e5640caf07d6959f64d0618
  SHA1: 0799c65d5c256dbac5ee724e5300c60702155edf
  SHA256: b0d21cdcf845a32d4377336a03072a344289c95211f37f7976db810e9a5d0490
  SHA512: 9216c226c1b6c001c74cfe50abdfd7e2f27f298e2092550404738deea670c2c4cb9df1019378a8dd80ab0ac2422fa775269ad6d9c55777ecea6826722c947f76
- memory/1184-54-0x0000000075A11000-0x0000000075A13000-memory.dmp
  Filesize: 8KB