Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system -
submitted
10-10-2022 04:27
Static task
static1
Behavioral task
behavioral1
Sample
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
Resource
win10v2004-20220812-en
General
-
Target
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
-
Size
3.6MB
-
MD5
f23f3e4b07b9d87f2991e8451850f473
-
SHA1
3ccd165d37d5a42099351134d284f9c754166765
-
SHA256
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29
-
SHA512
540275a62226de56cab7f3a48b07258985f523d4bb57afca43c5e3dc5f54f4f8c69f885e39267a6f1d0b0e4d2b1b61b19bb813ccfcb71064ba71e9950a373cd7
-
SSDEEP
49152:VnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdJZkeYkjkUqc:Z8qPoBhz1aRxcSUDk36SAEdJu
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (1251) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
Processes:
tasksche.exe
pid: 1692
process: tasksche.exe
-
Drops file in System32 directory 1 IoCs
Processes:
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
description: File opened for modification
ioc: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
process: beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
-
Drops file in Windows directory 1 IoCs
Processes:
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
description: File created
ioc: C:\WINDOWS\tasksche.exe
process: beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
-
Modifies data under HKEY_USERS 1 IoCs
Processes:
beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
description: Key created
ioc: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
process: beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
"C:\Users\Admin\AppData\Local\Temp\beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe" 1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exe
C:\WINDOWS\tasksche.exe /i 2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe
C:\Users\Admin\AppData\Local\Temp\beb0f88eb902a6ca235c2e83a60e65212b40bf9a36df64a89e0a3ba041767d29.exe -m security 1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Windows\tasksche.exe
Filesize
3.4MB
MD5
9aefb15aa2dc9882c341a9f40aa10583
SHA1
e721e8f7e4912ed7f98da128822829e41fca7fc8
SHA256
b71337223f48994b575098a7dd56d6306bbfba360559ace0c0328a2e6d91cf83
SHA512
768a6ce940e659a45f3fdec7ab981a30f23392f21a4c94ac3e04fa7ce40700edc0d05de3e099775415e87b3019017c0d431db1067e613df85e5fa8ac49c274f1
-
memory/1212-54-0x0000000076711000-0x0000000076713000-memory.dmp
Filesize
8KB