Resubmissions
17-12-2023 09:23
231217-lcwf3sfee4 124-08-2023 10:29
230824-mjle5abg93 824-08-2023 10:11
230824-l8dwxadb9s 724-08-2023 10:08
230824-l6nnbsbg33 123-08-2023 12:45
230823-py9sdacc24 823-08-2023 11:00
230823-m38prsda7y 123-08-2023 10:49
230823-mw51asbe95 523-08-2023 10:04
230823-l4fvpsbd49 123-08-2023 10:04
230823-l39rdscg9s 1General
-
Target
https://google.com
-
Sample
230312-q99r7aea89
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://google.com
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
https://google.com
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Change Default File Association
1Registry Run Keys / Startup Folder
2Hidden Files and Directories
1Defense Evasion
File Deletion
1File Permissions Modification
1Modify Registry
5Hidden Files and Directories
1