Overview

overview

10

Static

static

3

NA_NA_1f44...JC.exe

windows7-x64

10

NA_NA_1f44...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2023, 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NA_NA_1f449b5387d2deexeexe_JC.exe

  • Size

    3.6MB

  • MD5

    1f449b5387d2de73aeadcf0dd43b4b91

  • SHA1

    d943c20f180064a0939fb947a3cc8cfb8207c1f9

  • SHA256

    ba8fa582a466530641805be5ac05e3a5a4e4fcc09cebc73a2cbd6dd3b7fcc33a

  • SHA512

    e7a81cc9269bb3145c404d153051f7ca439adb57225fa9cf26cadf613f39c8b5712e148c5727ef05f4f3b5f36cc7d30922f140925ef0ed7b3de5ee65b06d8987

  • SSDEEP

    24576:2bLgddQhfdmMSirYbcMNgef0raut/8uME7A4kqAH1:2nAQqMSPbcBVrau3R8yAH1

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3313) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NA_NA_1f449b5387d2deexeexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NA_NA_1f449b5387d2deexeexe_JC.exe"
    1⤵
    • Drops file in Windows directory
    PID:2012
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2224
  • C:\Users\Admin\AppData\Local\Temp\NA_NA_1f449b5387d2deexeexe_JC.exe
    C:\Users\Admin\AppData\Local\Temp\NA_NA_1f449b5387d2deexeexe_JC.exe -m security
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    03a61cac0f58e145cf5ed919ceeb0c71

    SHA1

    a358e747c5cab9416b4506eafe7a48ab9628b679

    SHA256

    917cfab3032f94762c5c9d96a92739736336f1337dfce6c2176f72df580f902e

    SHA512

    6226c1dc143a020a59ac966da0e24d0d152bb2833d46462359a5530181b52070a097f6bf5ef7e8d5f57030bdddb1a3359ebe4d682c5275c7d6bfa87d37669a6b

    Download Submit