General
-
Target
test.exe
-
Size
4KB
-
Sample
230629-vyha1sfc2x
-
MD5
e4df89514610e82a6884fd92ddab45f8
-
SHA1
36228c8b0906670639df4f520bd18906c011da72
-
SHA256
2f1e7da8c808181d09957af04b28327869b03dbf462bd4404972a4bde2860989
-
SHA512
6b26029f1742bfe186add5220c2f6a46ed24b10b8960881dc7d9a0b31c88dd4d8723352747241f28a7af297211f181faaa3d65a4f605b168d0232988093d86fc
Static task
static1
Behavioral task
behavioral1
Sample
test.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
test.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
test.exe
-
Downloads MZ/PE file
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-