hxxps://github[.]com/fabrimagic72/malware-samples/blob/master/Ransomware/Wannacry/mssecsvc_0c694193ceac8bfb016491ffb534eb7c[.]zip

Analysis

max time kernel
3s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/fabrimagic72/malware-samples/blob/master/Ransomware/Wannacry/mssecsvc_0c694193ceac8bfb016491ffb534eb7c.zip

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 1324	4088	msedge.exe	17
PID 4088 wrote to memory of 1324	4088	msedge.exe	17
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2464	4088	msedge.exe	27
PID 4088 wrote to memory of 2408	4088	msedge.exe	50
PID 4088 wrote to memory of 2408	4088	msedge.exe	50

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabb6b46f8,0x7ffabb6b4708,0x7ffabb6b4718
1⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/fabrimagic72/malware-samples/blob/master/Ransomware/Wannacry/mssecsvc_0c694193ceac8bfb016491ffb534eb7c.zip
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3772916946296833143,16972629537356916265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e7343701f1061a3462c1383fae36a279

SHA1
781e5ac4539cb312e52c154a95e52399d699613a

SHA256
ac896540a9efea55300ab2bf6118e3f7ea7b794ee0cde0cfad80bde48d4aa93e

SHA512
3afe9151d34bf4a2e9f87d233160c4dc68d0ab630a379b02fb7c788468857915c2ecdc7a33dabb5ae4b648faa1aee9a2a8f4b85b5d0158af37778c9ba14edc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
15edb2e97052d3fd3121a724f47c3d15

SHA1
efc020fa16a75206d9e3ca6738e0f6caa59fbe85

SHA256
9ec3140bf9d1c265bdc421af8599a86908f928ea4d8291db5550a1c2c840f691

SHA512
74b64294d6502625bbaa6907795c530b3078ca677fa43e9647d573a9fa1df0c6558dbf572cd43fda3214bbbc49d4e784d643213db78f7f9fac5499d1ecb21822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
017e8ee4e1e880c2f04fe95cf1e53e09

SHA1
bd8e8242ae2a96ddaedceee77451fc7033cd72a2

SHA256
e7d81ffdcf0c614d5dd8141dd004f3c84032d606d8dc65616db67b3e1fb4fd0b

SHA512
2adb6d5fcf86d1765e835f8ad549d8ea00dd8fc1356476938f51f21b10824efdd6a584ad262f94d7b7cbfc793470a79d16ce841f462ace712b62e51606ba512b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2723e2a5dd03923b9febe03ca920703b

SHA1
b3c305414ea1da19e6298ca33ae6e213749e8d0f

SHA256
7fd4943fcfe38a7c2c37a4c49aa40e93b866d8057072b632d07784d8e180d0d1

SHA512
8acc7ee7d1d7e1b664d300420df00836d663ac5691b82ab5d79d0bf96792bc8e045aef1019f7ad5208fa5623dab4657d22a19333f2552e85742f7bed9d5a96f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bdbc28c6c95a728276bd30c462a6a9b

SHA1
bb945fab74ec3f5dae05dd88a046c41218239d60

SHA256
302fab718e06fcc5dbeffe974f47a8d79928e6f0e78baef167624e16e33318ac

SHA512
0892e4e6906f05ac7c24970d4e13a386cf5750420319dd559ade6b3de2142786bb7268c0fc243b4f1cd350e14eedab9428d169113370100dbe671b9164b87e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
1fe93189e0cfd3e1d2d705abc0c176b1

SHA1
e9dac22558937074ff88b6529d99220b8beb8dd5

SHA256
f0c911ca1a8f592169e381f4ea21feb4cd51ae042a5082a2a0a9a889757ddee6

SHA512
4d68b5ebdfa740ecaa226806f558d7bc619db570897714ea4a09142c22da75be9c0ffd2b718e54afdf9e345172f5417451c13387dc8e6dc79386b3f77e2566e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e29f.TMP

Filesize
874B

MD5
ca2eb9083a129c9c41b17cef785eefd8

SHA1
98ca630de3eec1445c200484ecee18de61bc5155

SHA256
ef035d3f4ecab21c6024062138982e05ffeabe26eea60ce18e9404ec34f1e4d0

SHA512
0da77ecc0e8c4638e1ff15b578c40ff358087a00ac222d2f6eeb7a1d899796e8b770cb72e9d1799f233848946608d6a864ac4d3bdcf557a074d4f1915d136253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
fa52eb8a90b6c80b69b506b3c80a06c8

SHA1
cc1f197091b7b5d92fedbab5a2dba7faa33eaa76

SHA256
c8eeb6153259b7d8c1f003458190d20246a244d30350a18fe67bde85903d10da

SHA512
246d46f74ae7b963d13380412f36097cc0deea84a184dcd5e601a514451ab4e1cafc9fc0e04b792ab7c131853353dee9cae002ef3a56a3403d57669557b5b5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f5eaaaf4484a7ef9ae7b341c89f07b4

SHA1
28437aebb06be3ac04556ebfb944d0a5d491a787

SHA256
17ccf321c2ec0c3b01d826cc7b2f7d6501045276d2b1542c079dc79e1b827821

SHA512
31bd35198ea717107ed1e59b9a9a41172b99538b608a8ed32c0b22657eab94bcbd0ba224dc622f697c89923438dfbbd71e20152da98300cbab04e94795f37fda

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads