Analysis
-
max time kernel
1s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 19:42
General
-
Target
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
Score
10/10
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\[email protected]"C:\Users\Admin\AppData\Local\Temp\[email protected]"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- Views/modifies file attributes
-
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.execmd /c 251131704656600.bat2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\cmd.exe
-
-
C:\Users\Admin\AppData\Local\Temp\@[email protected]
-
C:\Users\Admin\AppData\Local\Temp\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nnzzsvcjqe067" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\tasksche.exe\"" /f2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\@[email protected]
-
-
C:\Users\Admin\AppData\Local\Temp\taskse.exe
-
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\@[email protected]
-
-
C:\Users\Admin\AppData\Local\Temp\taskse.exe
-
-
C:\Users\Admin\AppData\Local\Temp\@[email protected]
-
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\taskse.exe
-
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\@[email protected]
-
-
C:\Users\Admin\AppData\Local\Temp\taskse.exe
-
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs1⤵
-
C:\Users\Admin\AppData\Local\Temp\@[email protected]
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet2⤵
-
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all /quiet1⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "nnzzsvcjqe067" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\tasksche.exe\"" /f1⤵
- Modifies registry key
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
520KB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
136KB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
136KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
520KB
-
Filesize
476KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
112KB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
64KB