General
- Target: Delta.zip
- Size: 478KB
- Sample: 240222-wl38dsdd8x
- MD5: 4854d9b4e51e85e83f997cefbd773a50
- SHA1: d5d96d1d2b91a4c8520cb6e8cff1e41653710b26
- SHA256: 6487c010b06f1494e7a21abbd7f2dc8764033c3f2fcadefd44cbcc876624ea31
- SHA512: b4cbd00db46e87825b0869c2887acc1138a2d7ddcb3e75a4b200443d7b2da7dc67ebe700fc94f615b581a5fbca1de0c25b492235ce5138f4530d36635f3f5c2a
- SSDEEP: 12288:VwB4hHOv4vkwRFU0Yz3jBL75xwc4XscIFl4zA6fzvBLP:+B1v8kEKjRdxwr81FlQxfDxP
Static task
- static1

Behavioral tasks
- behavioral1: Sample Delta.zip, Resource win11-20240221-en
- behavioral2: Sample Delta.exe, Resource win11-20240221-en
- behavioral3: Sample DeltaInstaller.bat, Resource win11-20240221-en
- behavioral4: Sample config, Resource win11-20240221-en
- behavioral5: Sample lua51.dll, Resource win11-20240221-en
Malware Config
- Extracted from: C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry(2).zip\@[email protected]
- Family: wannacry
- Bitcoin wallet: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets

Target: Delta.zip
- Size: 478KB
- MD5: 4854d9b4e51e85e83f997cefbd773a50
- SHA1: d5d96d1d2b91a4c8520cb6e8cff1e41653710b26
- SHA256: 6487c010b06f1494e7a21abbd7f2dc8764033c3f2fcadefd44cbcc876624ea31
- SHA512: b4cbd00db46e87825b0869c2887acc1138a2d7ddcb3e75a4b200443d7b2da7dc67ebe700fc94f615b581a5fbca1de0c25b492235ce5138f4530d36635f3f5c2a
- SSDEEP: 12288:VwB4hHOv4vkwRFU0Yz3jBL75xwc4XscIFl4zA6fzvBLP:+B1v8kEKjRdxwr81FlQxfDxP
- Score: 10/10
- Signatures:
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies file permissions
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Sets desktop wallpaper using registry

Target: Delta.exe
- Size: 89KB
- MD5: dd98a43cb27efd5bcc29efb23fdd6ca5
- SHA1: 38f621f3f0df5764938015b56ecfa54948dde8f5
- SHA256: 1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
- SHA512: 871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
- SSDEEP: 1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv
- Score: 1/10

Target: DeltaInstaller.bat
- Size: 541B
- MD5: 51dfcd466dc358d53af79757929de943
- SHA1: dfd5ccb39b0d29597431885a1ce2b13ef28913b8
- SHA256: 8e87eaa40d7e13010e91ba80605dc367f4af43b71adf9d9452d659828f867446
- SHA512: 96f23a49bde8fb403523933ac457acb79eabca95d75e4e94e9b1358477dc230fa7450a1efcfbf066d5958a169a207c5593fcb68c641607b5ca908214c65d351b
- Score: 7/10
- Signatures:
  - Drops startup file
  - Executes dropped EXE
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Legitimate hosting services abused for malware hosting/C2
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext

Target: config
- Size: 190KB
- MD5: 3d7ecf4d9562e1dfd1dbc39fdcb32cee
- SHA1: f117c00eff9177a7d21e366b11ac643885a061a7
- SHA256: 7110c8b5190e84c66ca829d16d7e3b3cbd3a8e8d491bdc73b90e6a77b8b5053d
- SHA512: 8d01f0c2965b2759243b84a4d1cfc766167e4ef6edc2062723bfe21b212b3da093275465e54f65ebcc8ca2b8a68cc0e0506a895884cf47dfa965131c0f2a9b25
- SSDEEP: 3072:luQKS57zFN73+M8js5WYHaKrtobGut+rAJEj25RQ0DgdCXfN:lQgBk1LKZ+yrAFRvoWN
- Score: 1/10

Target: lua51.dll
- Size: 592KB
- MD5: 3dff7448b43fcfb4dc65e0040b0ffb88
- SHA1: 583cdab08519d99f49234965ffd07688ccf52c56
- SHA256: ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
- SHA512: cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
- SSDEEP: 12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY
- Score: 3/10

MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)