Analysis
-
max time kernel
84s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
21-02-2023 15:25
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.WannaCry_Plus.zip
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
Win32.Wannacry.dll
Resource
win7-20230220-en
windows7-x64
6 signatures
150 seconds
General
-
Target
Ransomware.WannaCry_Plus.zip
-
Size
2.3MB
-
MD5
5641d280a62b66943bf2d05a72a972c7
-
SHA1
c857f1162c316a25eeff6116e249a97b59538585
-
SHA256
ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488
-
SHA512
0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752
-
SSDEEP
49152:9mqR0GTCRh8C9PYUYwm79evoBD2HSypKLZ5u/KU940CwmWtSQX5ddmL6T:RA8GY3b9ev62yypKLlUVCpSSQX5ddmeT
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
AUDIODG.EXEdescription pid process Token: 33 1968 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1968 AUDIODG.EXE Token: 33 1968 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1968 AUDIODG.EXE
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware.WannaCry_Plus.zip1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1ac1⤵
- Suspicious use of AdjustPrivilegeToken