General
Target: WannaCry by Rafael.rar
Size: 3.3MB
Sample: 221130-x9r1pscb3t
MD5: efc84e526a47732a5a0fa7196d31f92c
SHA1: 348ca3ce26bd0188d6fc5f76ae0e0c459122b6e5
SHA256: 1f829e33dd839b7f943b3e4878eaf6846968d8b439ffdee31f9c70b9e0953435
SHA512: c9c5153f59821cf5f6b99014d08f95c07a1b8a858b9ff51641e621b35405eb930eeca6d123ec457f9aaec3e7c3668daa1370752c6d275f879eb8c33b827ecd9d
SSDEEP: 98304:9lZRDLWSmOSkxV0QJmdckYNPH6QGGZx8oJqFj7kEB:bDLWSmOz0c+/6nz14Fj4Q
Static task: static1
Behavioral task: behavioral1
Sample: WannaCry.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: WannaCry.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: WannaCry.EXE
Size: 3.4MB
MD5: 84c82835a5d21bbcf75a61706d8ab549
SHA1: 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512: 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
SSDEEP: 98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Sets desktop wallpaper using registry