General
Target: Amira_Security_Setup10.msi
Size: 682KB
Sample: 230617-llke6sag8v
MD5: 1d41d3cf7ecfba63638ce048c7f02016
SHA1: 03e785e950f1310cfe2bbf21a2c19fa43cfaae1b
SHA256: 53aff2ab2974e31fc5c85b013d34bcebf33b8b591926ea4e027410bcaefebcb2
SHA512: 15609f7d73b71c72f891a2ce31e3360a8c47ad8e081e37a64f3a8160afae51a2d35f7cb95ed50adb0e3335620683f854ec461457d642740ac4e7b294efddbad8
SSDEEP: 12288:xnzRUFb4H6KJF/pDYkw0gCvoKWg6AZznX43KPEMqffKssFDO2:xnGOxtwYXLEjfQO2
Static task: static1
Behavioral task: behavioral1
Sample: Amira_Security_Setup10.msi
Resource: win10v2004-20230220-de
Malware Config (extracted)
Ransom note path: C:\Users\Admin\Desktop\!Please Read Me!.txt
Family: wannacry
Bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
Target: Amira_Security_Setup10.msi
Score: 10/10
Signatures:
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Drops startup file
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  Legitimate hosting services abused for malware hosting/C2
  Sets desktop wallpaper using registry