General
-
Target
Screenshot 2023-06-01 10.06.29.png
-
Size
39KB
-
Sample
230601-xfrsvafh46
-
MD5
d3b480bc15e3c2dc75ec135b15a799b7
-
SHA1
78871e04212a25e1f96257fd5be3a65486f91fae
-
SHA256
3285dac4c46a10e311b3cc34faafd0638b9130ce3649f222cffdfe0af46aa43f
-
SHA512
5a5b42db05f793a899ecf15748a12f4e8a8dcdbf2f196bfa869a2542730448ab34af32e60bac08ca2cfd6077c722cf1d0ee542a46366d072e160e56c63b09157
-
SSDEEP
768:XJ5Th7F9Pve7iNE0GpCksM4JZKFPoNkamr/shqhD/1/rp:vN7F93Fq0G015JZKFkDi/s0F1l
Static task
static1
Behavioral task
behavioral1
Sample
Screenshot 2023-06-01 10.06.29.png
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Screenshot 2023-06-01 10.06.29.png
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
Screenshot 2023-06-01 10.06.29.png
Score 10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-