General
-
Target
2023-05-31_28b0169c9739673bb5c240972ca14b71_wannacry
-
Size
3.6MB
-
Sample
230601-c6rwbacf6t
-
MD5
28b0169c9739673bb5c240972ca14b71
-
SHA1
d8df2fde539ed245b94a3c0e867d991587f2eb1f
-
SHA256
4082d9dbadbd00b9eb8a2961b887c3e0e3da16303268ce68f3f87f7d1e9790ff
-
SHA512
b29a01ca89b873322b2e7338ef29a96a104d7228e29329b88d0b00f51650ecbb04fc706303be5cd51529ad745b9405096b6dd2bd9a3b785926b503ba15d85361
-
SSDEEP
98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3O:wQqPe1Cxcxk3ZAEUadzR8yc4g+
Static task
static1
Behavioral task
behavioral1
Sample
2023-05-31_28b0169c9739673bb5c240972ca14b71_wannacry.exe
Resource
win7-20230220-en
Malware Config
Extracted
C:\Users\Admin\Documents\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\ProgramData\urfnhjtdlojhzxx574\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
2023-05-31_28b0169c9739673bb5c240972ca14b71_wannacry
-
Size
3.6MB
-
MD5
28b0169c9739673bb5c240972ca14b71
-
SHA1
d8df2fde539ed245b94a3c0e867d991587f2eb1f
-
SHA256
4082d9dbadbd00b9eb8a2961b887c3e0e3da16303268ce68f3f87f7d1e9790ff
-
SHA512
b29a01ca89b873322b2e7338ef29a96a104d7228e29329b88d0b00f51650ecbb04fc706303be5cd51529ad745b9405096b6dd2bd9a3b785926b503ba15d85361
-
SSDEEP
98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3O:wQqPe1Cxcxk3ZAEUadzR8yc4g+
-
Contacts a large (3247) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (1514) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-