General
-
Target
2023-08-22_bc0d6579c96bf9d21625b1ee497b7039_wannacry_JC.exe
-
Size
953KB
-
Sample
230903-pkjn2ahf9v
-
MD5
bc0d6579c96bf9d21625b1ee497b7039
-
SHA1
c6c12323c3d70c0b3eb9aa1d99a13348053dd43d
-
SHA256
f912cd2a6cd21e828dc32b97eac0ce9b2c4e8d5a7944deaa4bd61f41ab8e1997
-
SHA512
887f8fb143b11eed07e76ccfac74a81fea8f3d6906b18f6ff3b7eb0b968d12b5fba22f2385231cba9fb82473018eebe1426d03e05a4bfac66bc0a0a134d360d5
-
SSDEEP
12288:vEPMLC814R2hig4tHkg2W+AU+R2TjsPvEpv8LpgUO4EP3SL98l0zmWHQuTwYzzjr:/ztQE1ov2AZ9HjkftWy3PG
Behavioral task
behavioral1
Sample
2023-08-22_bc0d6579c96bf9d21625b1ee497b7039_wannacry_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-22_bc0d6579c96bf9d21625b1ee497b7039_wannacry_JC.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
C:\Users\Admin\Documents\PLEASEREAD.txt
Targets
-
-
Target
2023-08-22_bc0d6579c96bf9d21625b1ee497b7039_wannacry_JC.exe
-
Size
953KB
-
MD5
bc0d6579c96bf9d21625b1ee497b7039
-
SHA1
c6c12323c3d70c0b3eb9aa1d99a13348053dd43d
-
SHA256
f912cd2a6cd21e828dc32b97eac0ce9b2c4e8d5a7944deaa4bd61f41ab8e1997
-
SHA512
887f8fb143b11eed07e76ccfac74a81fea8f3d6906b18f6ff3b7eb0b968d12b5fba22f2385231cba9fb82473018eebe1426d03e05a4bfac66bc0a0a134d360d5
-
SSDEEP
12288:vEPMLC814R2hig4tHkg2W+AU+R2TjsPvEpv8LpgUO4EP3SL98l0zmWHQuTwYzzjr:/ztQE1ov2AZ9HjkftWy3PG
Score10/10-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Renames multiple (172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (211) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-