Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/10/2023, 03:28

General

  • Target

    2023-08-25_4fda05b95c801ac8969f25df35577b2b_wannacry_JC.exe

  • Size

    2.2MB

  • MD5

    4fda05b95c801ac8969f25df35577b2b

  • SHA1

    a329db850275d368348603131a2953ebc36d5128

  • SHA256

    35b4648bae8c821b09ccf42c52a0df6df7d1a15ba0634333ff7b587a91356583

  • SHA512

    fe0bda3d97646f626249ec6b7fa27db4d5f987f1d2bd8c376a88f64fde601dc07cb315aec6f04f71220575a5d0cf282583dec9745b87ac8147ec25e6a1d3b327

  • SSDEEP

    24576:QbLguriIfEcQdIVUacMNgef0QeQjG/D8kIqRYoAdNLK:QnpEKUacBVQej/1IN

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large number (3243) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE (1 IoC)
  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Modifies data under HKEY_USERS (15 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_4fda05b95c801ac8969f25df35577b2b_wannacry_JC.exe (PID 4100, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2023-08-25_4fda05b95c801ac8969f25df35577b2b_wannacry_JC.exe"
    Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
    • C:\WINDOWS\tasksche.exe (PID 4864, depth 2)
      Command line: C:\WINDOWS\tasksche.exe /i
      Signatures: Executes dropped EXE; Drops file in Windows directory
  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_4fda05b95c801ac8969f25df35577b2b_wannacry_JC.exe (PID 996, depth 1)
    Command line: C:\Users\Admin\AppData\Local\Temp\2023-08-25_4fda05b95c801ac8969f25df35577b2b_wannacry_JC.exe -m security
    Signatures: Drops file in System32 directory; Modifies data under HKEY_USERS

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\WINDOWS\tasksche.exe

    Filesize

    2.0MB

    MD5

    2c48f29b22c250a7cb06153d8ebe2c38

    SHA1

    f6b94a14f52f73d85a1954b2c3a7260c7aa851aa

    SHA256

    4ce8192f06b492f184ba1232e37aa24fb974b1b8c99788efc80c61f4c50fdb5f

    SHA512

    ef03ec9fd406e87fff789591d0d8dd45a034d9a236c381a4ffd91ab048b570cdf5f07af4975091a43b9678230693493e8e5053f0f8263f01b84b9ed37eec53e3

  • C:\Windows\tasksche.exe

    Filesize

    2.0MB

    MD5

    2c48f29b22c250a7cb06153d8ebe2c38

    SHA1

    f6b94a14f52f73d85a1954b2c3a7260c7aa851aa

    SHA256

    4ce8192f06b492f184ba1232e37aa24fb974b1b8c99788efc80c61f4c50fdb5f

    SHA512

    ef03ec9fd406e87fff789591d0d8dd45a034d9a236c381a4ffd91ab048b570cdf5f07af4975091a43b9678230693493e8e5053f0f8263f01b84b9ed37eec53e3