General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
C:\Users\Admin\Downloads\VirusCollection\VirusCollection_\ransomwares\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
https://mega.nz/file/5AV20ICB#6vywRQbH_cRm1BMKvkkSAsDwMOlsZ8GASR4D5o9QxSo
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
Contacts a large (1115) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Defense Evasion
File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Modify Registry
7Subvert Trust Controls
1Install Root Certificate
1