General
-
Target
Untitled Jam (7).pdf
-
Size
22KB
-
Sample
230215-kkdqkaag3y
-
MD5
a520bcc98c6fcd69c4ab3944c0d5f4a2
-
SHA1
07529d8c678d08f436a6abdbf3f0237956b1baee
-
SHA256
f59982e6f66bd2aa628e2592f9afc5e3cf8fcbc8374ca55378dfc5faefbcc475
-
SHA512
76cc077a791292eb043101ed563ec238065513e84428ba6bfc37d342ee9171b33b15e993d13a95fb7ca4950cd9486d715a9ef0ef508afa8e2e145d5cab4f6400
-
SSDEEP
384:w7JWL/WC88erHxH+R8NkRSeTy/sYClAe92MQZMZmylqlo:KWLWC8Be66RcUHlAOQZWlqu
Static task
static1
Behavioral task
behavioral1
Sample
Untitled Jam (7).pdf
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Untitled Jam (7).pdf
Resource
win10v2004-20221111-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
Untitled Jam (7).pdf
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-