Overview

overview

10

Static

static

1

Ransomware...us.zip

windows7-x64

1

Win32.Wannacry.dll

windows7-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-02-2023 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ransomware.WannaCry_Plus.zip

  • Size

    2.3MB

  • MD5

    5641d280a62b66943bf2d05a72a972c7

  • SHA1

    c857f1162c316a25eeff6116e249a97b59538585

  • SHA256

    ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488

  • SHA512

    0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752

  • SSDEEP

    49152:9mqR0GTCRh8C9PYUYwm79evoBD2HSypKLZ5u/KU940CwmWtSQX5ddmL6T:RA8GY3b9ev62yypKLlUVCpSSQX5ddmeT

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware.WannaCry_Plus.zip
    1⤵
      PID:2012
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1872
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x1ac
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1968

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads