General
-
Target
2023-05-31_22528c61996a5b124f5514ade9523df7_wannacry
-
Size
3.6MB
-
Sample
230601-c6pqyscf5z
-
MD5
22528c61996a5b124f5514ade9523df7
-
SHA1
13cc2d9dc864e9a2a96cf0d13e6289f6970bfec4
-
SHA256
c1f88e93b7e520be548a497779faa423c46e694c96d90b1fd3ab43f180953af3
-
SHA512
6a35d36bc4f56aefa81d6a75b92f09d7578d3ff8bf02b44d088620f9408ab6a7696be865dd4265c914f0207c600ea63ab5806f41364dbba02d9d88ef4f23b5dd
-
SSDEEP
98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3K:wQqPe1Cxcxk3ZAEUadzR8yc4g6
Static task
static1
Behavioral task
behavioral1
Sample
2023-05-31_22528c61996a5b124f5514ade9523df7_wannacry.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-31_22528c61996a5b124f5514ade9523df7_wannacry.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\ProgramData\iqtbqgmcp904\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
2023-05-31_22528c61996a5b124f5514ade9523df7_wannacry
-
Contacts a large (3290) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (1456) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-