General
Target: 2023-05-30_3745212680b161ad2553e982350bf67c_wannacry
Size: 3.6MB
Sample: 230601-c5frnacb43
MD5: 3745212680b161ad2553e982350bf67c
SHA1: 8b7123d6e2c04379090333752e7df77029beda22
SHA256: cc1aa8b55722bcbbc9e68702e51f39bc36fb309a79f5eae2dc74d6e3ff690983
SHA512: 568807df83c1f6c350839943304355c5e0a8daa199fd8ab157e173152cfa09223df8684aa6549eb9d7cba8a458f5efbf5750d60c21774984b13bff964fda8a4b
SSDEEP: 98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3u:wQqPe1Cxcxk3ZAEUadzR8yc4ge
Static task: static1
Behavioral task: behavioral1
Sample: 2023-05-30_3745212680b161ad2553e982350bf67c_wannacry.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 2023-05-30_3745212680b161ad2553e982350bf67c_wannacry.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\Documents\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\ProgramData\iqtbqgmcp904\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
2023-05-30_3745212680b161ad2553e982350bf67c_wannacry
-
Contacts a large (3306) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (1481) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-