General
Target: WannaCrypt0r.cmd
Size: 5.9MB
Sample: 230624-3ewcjade8x
MD5: 603708f29a65b0ebb37470b804ce6499
SHA1: 8cd933e276554a2e76d241459171dac3475f1eb3
SHA256: a17c9d9a4f3efca96edbd9d588aaafc8f319b75bc63083b4aedbba96f9374354
SHA512: 8aa1069f6288512d92f0c2125cd8f31512c31f865e3150436e96cfa5bf23ca63d633cb9a864121880d9d8d899de5698efaf135f0406c56f23bc3a8cc2666444f
SSDEEP: 49152:0TlQjr91BV/MWMtZ9f0o/pCMcmkgvgplcvflU5tKE0qrwJu8W/9eL3:6
Static task: static1
Behavioral task: behavioral1
  Sample: WannaCrypt0r.cmd
  Resource: win7-20230621-en
Behavioral task: behavioral2
  Sample: WannaCrypt0r.cmd
  Resource: win10v2004-20230621-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
Target: WannaCrypt0r.cmd
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Sets desktop wallpaper using registry