wannacry | e672965e0783643633efb6dab2d569add812e53af997cf48bd5d788e53de55d3

Analysis

max time kernel
119s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2023 13:31

Target

2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Size

6.4MB
MD5

1d82912d3e95cc2f66d43f61e0be37b1
SHA1

fbd822032c4a40ecc3582278eb1f2e7b7dcd884e
SHA256

e672965e0783643633efb6dab2d569add812e53af997cf48bd5d788e53de55d3
SHA512

5830f5c5c5e878eb8c07ffea1d1b4e69271c0e1f22a68979ea38cdd956bac1b4bf82b6f4dd976de80a9fbf5956a7fd546e917b8628c72b49a0f184538a20ff38
SSDEEP

98304:KuqPoBhz1aRxcSUDk36SAEdhvxW1A593R8yAVp2HI:KuqPe1Cxcxk3ZAEUizR8yc4HI

Score

10^/10

Executes dropped EXE 1 IoCs

pid	Process
1076	tasksche.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\tasksche.exe	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe

C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe"
1⤵
- Drops file in Windows directory
PID:3332
- C:\WINDOWS\tasksche.exe
  C:\WINDOWS\tasksche.exe /i
  2⤵
  - Executes dropped EXE
  PID:1076

C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2023-05-06_1d82912d3e95cc2f66d43f61e0be37b1_wannacry.exe -m security
1⤵
- Modifies data under HKEY_USERS
PID:2140

C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
806288ac8e64c5e9a98f662565dd7f47

SHA1
7103e1cb1c5b0179179cb21a4baa600cb1a8602e

SHA256
ca703ae8f33a5870e480cb139b6942fb80843563ba6441efbe2b84bb218bf162

SHA512
dd2a7e660972f07a8619d1696221f5dd53d2befc961703a81fc087f46903abb5828a54b0f22330c7e879d16fdab714cd3581fa4390c90fa50f77d4f1ce3b3e00

Download Submit