General
-
Target
WannaCry.EXE
-
Size
3.4MB
-
Sample
230510-vhm7bsah7w
-
MD5
80d2cfccef17caa46226147c1b0648e6
-
SHA1
4540c60c99594ebd49e0ede7d2070b00f5fb021b
-
SHA256
91afb972e14584bc1e23802e2b26813f57b802689fe61a540fdaf162cecd7493
-
SHA512
d0c245182b1f984f244a49267ead57296002f31d4ce36102508b604f85aa32a879a80f628312e1332f04104af35da0947b3c0e0eec35385bbac7540345f8a99b
-
SSDEEP
98304:JPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g36R:JPe1Cxcxk3ZAEUadzR8yc4gKR
Behavioral task
behavioral1
Sample
WannaCry.exe
Resource
win10-20230220-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3582-490\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
WannaCry.EXE
-
Size
3.4MB
-
MD5
80d2cfccef17caa46226147c1b0648e6
-
SHA1
4540c60c99594ebd49e0ede7d2070b00f5fb021b
-
SHA256
91afb972e14584bc1e23802e2b26813f57b802689fe61a540fdaf162cecd7493
-
SHA512
d0c245182b1f984f244a49267ead57296002f31d4ce36102508b604f85aa32a879a80f628312e1332f04104af35da0947b3c0e0eec35385bbac7540345f8a99b
-
SSDEEP
98304:JPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g36R:JPe1Cxcxk3ZAEUadzR8yc4gKR
-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-