General
Target: mccisland 3.png
Size: 365KB
Sample: 230623-gzygqscf48
MD5: 2a4b072e929cd3806f2875b2e827d125
SHA1: d95d05393a727bf4ec6f79e92374ee5704aa0b51
SHA256: 18e1e0c5e07f7f4866ba19de95060d054e55cd81b6c838dcb150d025e6f8310f
SHA512: 0cffa7966bae088cefedbe83c663e4d3343067a06d1ee988cfef4af017b82612de2a1b0794bf8a20a8593e120ee6158e27fb579ce28623a1e6a419eab8272b41
SSDEEP: 6144:d/roeVEldmEL9rCUddV86FJ5M1EpOG49K39E2U8Dq17uVV2HgIARwkkA4LBBxJKM:WeVkFTV9u1aO39mK2DO7ubQAXETr
Static task: static1
Behavioral task: behavioral1
Sample: mccisland 3.png
Resource: win10v2004-20230621-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry