Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
24/07/2023, 12:31
General
-
Target
2023-07-10_3e6c5b804d64c2e4a4b51295da453a65_wannacry.exe
-
Size
5.0MB
-
MD5
3e6c5b804d64c2e4a4b51295da453a65
-
SHA1
b63eef8bfaf513116ede91d6cf15fac721d1c345
-
SHA256
deda3193fe66a46684755c67fd6c5b1e25cda90e5718d3f7729a7e296fda885c
-
SHA512
e59e9fb4b01433b2f5c1490e5a4c93f0928a5e8ed13f4d685e613c15f7b67f915dae16755a708aa4a18b3561a19735f229fc87bfd0ab6384a117df44631c5980
-
SSDEEP
49152:2nAQqMSPbcBVQejgINRG6SAARdhnveAMEcaEau3R8yAH1plAH:yDqPoBhsaRG6SAEdhve593R8yAVp2H
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3268) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-07-10_3e6c5b804d64c2e4a4b51295da453a65_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2023-07-10_3e6c5b804d64c2e4a4b51295da453a65_wannacry.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\2023-07-10_3e6c5b804d64c2e4a4b51295da453a65_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2023-07-10_3e6c5b804d64c2e4a4b51295da453a65_wannacry.exe -m security1⤵
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD5609c834d22e2215605a41a5051427198
SHA10288fcfab0cb983b19d4042376b289e82efbdc31
SHA25679b8933da96669b5cf47a958a9e2d6fba8ddd60ecde952f23bc56b3705a8f37c
SHA512959f616c40260c0eacdd060ab5cafb848b8c36de87161ea3e80d9f212d090bdc6b6e80fe8142c6a86b887752f0dd057e8f2724d15257bb9cd6287727f9786e8c