General
-
Target
2023-06-04_95a426917af14bc5486a0f57287f6de1_wannacry
-
Size
3.5MB
-
Sample
230606-jx16ysdc21
-
MD5
95a426917af14bc5486a0f57287f6de1
-
SHA1
bfa3afd311b2074d444eb232b03e5e03ace81d77
-
SHA256
56176dec237f02215c137d45e3484d99e3a5c7c0bf5619494919b5ec4943dbf9
-
SHA512
56dbb767edc96bb785701f0b4a1a5b21ce9c7a7b373ac07c9f63d0308a7122057bdd93f3609197b35e200c4f8d34e3ae3a04b2af1c85b0307ea0f1ffff07cf36
-
SSDEEP
98304:LvPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:LvPe1Cxcxk3ZAEUadzR8yc4g
Static task
static1
Behavioral task
behavioral1
Sample
2023-06-04_95a426917af14bc5486a0f57287f6de1_wannacry.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-06-04_95a426917af14bc5486a0f57287f6de1_wannacry.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\Documents\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
2023-06-04_95a426917af14bc5486a0f57287f6de1_wannacry
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-