General
Target: 2023-05-30_3124e05a694f736aebfa45850ee134a0_wannacry
Size: 3.6MB
Sample: 230601-c5cd8scb38
MD5: 3124e05a694f736aebfa45850ee134a0
SHA1: f2db9fd28f8e8136bd1ee8260a80a976083aae27
SHA256: eb954d21c0b51a05324e91e841b16712411ffd520210df0742dc8c308872e59b
SHA512: d76cf86bfbb83a928687873b539c8884d15a68b6c3c39c9e2d503ae990c13e8291149933c39858d0d0beafe6ab43c95a3986780d50574a24c89b5eeb5772a5f0
SSDEEP: 98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3D:wQqPe1Cxcxk3ZAEUadzR8yc4gz
Static task: static1
Behavioral task: behavioral1
  Sample: 2023-05-30_3124e05a694f736aebfa45850ee134a0_wannacry.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 2023-05-30_3124e05a694f736aebfa45850ee134a0_wannacry.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted
C:\Users\Admin\Documents\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target: 2023-05-30_3124e05a694f736aebfa45850ee134a0_wannacry
- Contacts a large (3283) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Contacts a large (1510) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Drops file in System32 directory
- Sets desktop wallpaper using registry