wannacry | e672965e0783643633efb6dab2d569add812e53af997cf48bd5d788e53de55d3

General

Target

2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Size

6.4MB
MD5

1d82912d3e95cc2f66d43f61e0be37b1
SHA1

fbd822032c4a40ecc3582278eb1f2e7b7dcd884e
SHA256

e672965e0783643633efb6dab2d569add812e53af997cf48bd5d788e53de55d3
SHA512

5830f5c5c5e878eb8c07ffea1d1b4e69271c0e1f22a68979ea38cdd956bac1b4bf82b6f4dd976de80a9fbf5956a7fd546e917b8628c72b49a0f184538a20ff38
SSDEEP

98304:KuqPoBhz1aRxcSUDk36SAEdhvxW1A593R8yAVp2HI:KuqPe1Cxcxk3ZAEUizR8yc4HI

Score

10^/10

wannacry ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry

Executes dropped EXE 1 IoCs

pid	Process
1376	tasksche.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\tasksche.exe	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe

Modifies data under HKEY_USERS 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3C15523F-ED69-4F97-BDFB-CA4714CB6DDB}	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3C15523F-ED69-4F97-BDFB-CA4714CB6DDB}\WpadDecision = "0"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3C15523F-ED69-4F97-BDFB-CA4714CB6DDB}\WpadNetworkName = "Network 3"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-c2-51-36-c0-60	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-c2-51-36-c0-60\WpadDecisionReason = "1"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3C15523F-ED69-4F97-BDFB-CA4714CB6DDB}\WpadDecisionReason = "1"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3C15523F-ED69-4F97-BDFB-CA4714CB6DDB}\92-c2-51-36-c0-60	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0088000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3C15523F-ED69-4F97-BDFB-CA4714CB6DDB}\WpadDecisionTime = 201bdd39e880d901	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-c2-51-36-c0-60\WpadDecisionTime = 201bdd39e880d901	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-c2-51-36-c0-60\WpadDecision = "0"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe

C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe"
1⤵
- Drops file in Windows directory
PID:1560
- C:\WINDOWS\tasksche.exe
  C:\WINDOWS\tasksche.exe /i
  2⤵
  - Executes dropped EXE
  PID:1376

C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe -m security
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
806288ac8e64c5e9a98f662565dd7f47

SHA1
7103e1cb1c5b0179179cb21a4baa600cb1a8602e

SHA256
ca703ae8f33a5870e480cb139b6942fb80843563ba6441efbe2b84bb218bf162

SHA512
dd2a7e660972f07a8619d1696221f5dd53d2befc961703a81fc087f46903abb5828a54b0f22330c7e879d16fdab714cd3581fa4390c90fa50f77d4f1ce3b3e00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads