Resubmissions

09-10-2022 16:44

221009-t8424ahder 10

01-10-2022 12:08

221001-pawkvagab7 10

Analysis

  • max time kernel
    48s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    01-10-2022 12:08

General

  • Target

    ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f.exe

  • Size

    244KB

  • MD5

    bd96a097cc41b1e0b452c537d445962f

  • SHA1

    56046e20c82984abfd0febf669d7493f6d155cde

  • SHA256

    ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f

  • SHA512

    649b6898dedf3bea2488f584dc2a3947873c9fa1d3f872c67bb262be976643ac8204aec014f81ad5b03031f049c7227f193ee8fa58b32a84ecaad035ac9d6fdb

  • SSDEEP

    3072:xmrhd5U1eigWcR+uiUg6p4FLlG4tlLpz+mmCkHFZjoHEo3m:xEd5+IZiZhLlG4NimmCK

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Sets desktop wallpaper using registry ⋅ 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx ⋅ 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f.exe
    "C:\Users\Admin\AppData\Local\Temp\ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f.exe"
    Sets desktop wallpaper using registry
    Suspicious use of SetWindowsHookEx
    PID:1544

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation


Downloads

  • memory/1544-54-0x0000000075681000-0x0000000075683000-memory.dmp