Resubmissions

09-10-2022 16:44

221009-t8424ahder 10

01-10-2022 12:08

221001-pawkvagab7 10

Analysis

  • max time kernel
    48s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01-10-2022 12:08

General

  • Target

    ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f.exe

  • Size

    244KB

  • MD5

    bd96a097cc41b1e0b452c537d445962f

  • SHA1

    56046e20c82984abfd0febf669d7493f6d155cde

  • SHA256

    ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f

  • SHA512

    649b6898dedf3bea2488f584dc2a3947873c9fa1d3f872c67bb262be976643ac8204aec014f81ad5b03031f049c7227f193ee8fa58b32a84ecaad035ac9d6fdb

  • SSDEEP

    3072:xmrhd5U1eigWcR+uiUg6p4FLlG4tlLpz+mmCkHFZjoHEo3m:xEd5+IZiZhLlG4NimmCK

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f.exe
    "C:\Users\Admin\AppData\Local\Temp\ac73e3c9e7ee62be2d2138fa5f8ef28679c0a191882b7a30e35ce7b89786935f.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious use of SetWindowsHookEx
    PID:1544

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Impact

Defacement

1
T1491

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1544-54-0x0000000075681000-0x0000000075683000-memory.dmp
    Filesize

    8KB