General
Target: HEUR-Trojan.Win32.Generic-52f418cf6a5177d34668b112a0eb6c3621d7f1fbc046caded45d3750513f539d.exe
Size: 6.1MB
Sample: 220925-vdzpkafdg9
MD5: bcd24fea17ad5111304ae113f9940cb3
SHA1: c37587eb2d08c7a597e91e7ab846d8ff9bd5e973
SHA256: 52f418cf6a5177d34668b112a0eb6c3621d7f1fbc046caded45d3750513f539d
SHA512: 3c3b6b67ef8f0fa8330a4211d12164698ba424c034e3bab8e391027abe8cde00df143ccd38301d4c9e53280bf52e431eba4907d2841e6d51357504d5566473d3
SSDEEP: 196608:DOM8qTsSqwLt/lE0z+CBOD6YgfrwFNiVf95f:DOeTsRwLtCu+CBOl2yNiVf95f
Static task: static1
Behavioral task: behavioral1
Sample: HEUR-Trojan.Win32.Generic-52f418cf6a5177d34668b112a0eb6c3621d7f1fbc046caded45d3750513f539d.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: HEUR-Trojan.Win32.Generic-52f418cf6a5177d34668b112a0eb6c3621d7f1fbc046caded45d3750513f539d.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
C:\Windows\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\Windows\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
Executes dropped EXE
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext