General
-
Target
2023-05-31_6df161fa0b9c39f3b93082e74adb377c_wannacry
-
Size
3.6MB
-
Sample
230601-c66z8scb78
-
MD5
6df161fa0b9c39f3b93082e74adb377c
-
SHA1
cfc55129cb0a012a1ee2c067874d081967d74cb9
-
SHA256
9405b3422c5f2d9d3740b62c6b115176b839c6b7f0c6a73eca0dd6187f6310b3
-
SHA512
947c2d8815187943a26a0ddee59ff79a0b1c0239b95bfaad6b362ac5b80178cb66cca4d4bdf6ae8778a744b0e83a719ccb111c961081e10613e31592067fd9cb
-
SSDEEP
98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3t:wQqPe1Cxcxk3ZAEUadzR8yc4gd
Static task
static1
Behavioral task
behavioral1
Sample
2023-05-31_6df161fa0b9c39f3b93082e74adb377c_wannacry.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-31_6df161fa0b9c39f3b93082e74adb377c_wannacry.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\Documents\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\ProgramData\xtiftaepcwzu133\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
Contacts a large (3273) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (1316) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-