General
Target: u0
Size: 191KB
Sample: 230223-rbc61aga66
MD5: eab9caf4277829abdf6223ec1efa0edd
SHA1: 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256: a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512: 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2
SSDEEP: 3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
Static task: static1
Behavioral task: behavioral1
Sample: u0.dll
Resource: win10v2004-20230220-es
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target: u0
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry