Extracted

• • Target

    gg.png

  • Size

    6KB

  • MD5

    98445e7c9731818accbceb1212511f03

  • SHA1

    2926c88ca89cb54d0c549127e0a563d8485b6cfc

  • SHA256

    2e7abe65b47cba299cce9d64b55d6323af961b6e7a1bb6f2635a1e18bb437ff9

  • SHA512

    e4e62e41201f4b3b3d76f13cc24bb96b8d5e53c901ac8e6be65ddafc6e21dd7bd25aeff23dc17699389c512a464ba4ca68a70a31f4d5944a9188b2e0572d18b5

  • SSDEEP

    96:Phi//zBUNa7qIbzcGQDMcIRyYy42GkX/XJKlVl11GXWrWmHN6AlYoQ4EXk+:Phi/L287qKJtckyYyV67GmrWmt6A/Eh

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1