General
-
Target
https://www.bing.com/ck/a?!&&p=76c96d69cb990b2eJmltdHM9MTY4NTc1MDQwMCZpZ3VpZD0xODk4OGRjMi0zZjA2LTZjMzAtMGI5NC05ZWM5M2U2ZDZkYmEmaW5zaWQ9NTE5OQ&ptn=3&hsh=3&fclid=18988dc2-3f06-6c30-0b94-9ec93e6d6dba&psq=wannacry+ransomware+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL2xpbWl0ZWNpL1dhbm5hQ3J5&ntb=1
-
Sample
230603-1947taac26
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.bing.com/ck/a?!&&p=76c96d69cb990b2eJmltdHM9MTY4NTc1MDQwMCZpZ3VpZD0xODk4OGRjMi0zZjA2LTZjMzAtMGI5NC05ZWM5M2U2ZDZkYmEmaW5zaWQ9NTE5OQ&ptn=3&hsh=3&fclid=18988dc2-3f06-6c30-0b94-9ec93e6d6dba&psq=wannacry+ransomware+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL2xpbWl0ZWNpL1dhbm5hQ3J5&ntb=1
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\Downloads\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
https://www.bing.com/ck/a?!&&p=76c96d69cb990b2eJmltdHM9MTY4NTc1MDQwMCZpZ3VpZD0xODk4OGRjMi0zZjA2LTZjMzAtMGI5NC05ZWM5M2U2ZDZkYmEmaW5zaWQ9NTE5OQ&ptn=3&hsh=3&fclid=18988dc2-3f06-6c30-0b94-9ec93e6d6dba&psq=wannacry+ransomware+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL2xpbWl0ZWNpL1dhbm5hQ3J5&ntb=1
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-