Overview

overview

10

Static

static

3

WannaCry.exe

windows7-x64

5

WannaCry.exe

windows10-1703-x64

5

WannaCry.exe

windows10-2004-x64

10

WannaCry.exe

macos-10.15-amd64

1

WannaCry.exe

ubuntu-18.04-amd64

WannaCry.exe

debian-9-armhf

WannaCry.exe

debian-9-mips

WannaCry.exe

debian-9-mipsel

Analysis

  • max time kernel
    1772s
  • max time network
    1582s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-06-2023 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WannaCry.exe

  • Size

    2.9MB

  • MD5

    4980d38eeac9f666c67d40406d8ef615

  • SHA1

    a3f38d0dec13df5f805b5acde112c2acac73ba08

  • SHA256

    767d2f8c73f90a9589c3be231d94e14212f0348f8a707eccf312f5b36972e2c4

  • SHA512

    c2e1ce3ac3bcb6ed0fa771e338839e436317cf718cd6a1b727673cb1f102e0c77defc9771f77191163752b7676a9080d77b93f7db73f282071a4a5a5dc712d4f

  • SSDEEP

    6144:k/jhHGXR/BsheZM5wnH2m9pD6UgmryJOk55ndwz7AYjK8RTI5JN4jnpK:k/0XHsheSAH2GD3uOAwP5ZI5z4jpK

Score
10/10
wannacryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\WannaCry.exe
    "C:\Users\Admin\AppData\Local\Temp\WannaCry.exe"
    1⤵
    • Sets desktop wallpaper using registry
    PID:4352

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4352-133-0x000001BD13990000-0x000001BD13C84000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/4352-135-0x000001BD14150000-0x000001BD14160000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4352-137-0x000001BD14150000-0x000001BD14160000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4352-138-0x000001BD14150000-0x000001BD14160000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4352-139-0x000001BD14150000-0x000001BD14160000-memory.dmp
    Filesize

    64KB

    Download