General
-
Target
2024-03-01_92fa0d5e6346139332c3ee039a9fc7c3_wannacry
-
Size
172KB
-
Sample
240301-jda6esed62
-
MD5
92fa0d5e6346139332c3ee039a9fc7c3
-
SHA1
442662d13173cec6545eda15d14ccec68a576dca
-
SHA256
c491e6228f85b23b477e9beeab62e3547236a8b40cfa222d8943ca2b7dcfa949
-
SHA512
d09c8740635e625248c7c50e76ca9171bce4242433f5821a1b50077d9dda8519d718bc544a2a8a9bf586212361fb0f306ce554fc5ca72b7dc95dc4374f1453ed
-
SSDEEP
3072:50iq9nK97M26+MZjQQbKGUE3T9Mg5hw0GlVdopQ:50iq9K7+jUGULsWVq
Behavioral task
behavioral1
Sample
2024-03-01_92fa0d5e6346139332c3ee039a9fc7c3_wannacry.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-01_92fa0d5e6346139332c3ee039a9fc7c3_wannacry.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-03-01_92fa0d5e6346139332c3ee039a9fc7c3_wannacry
-
Size
172KB
-
MD5
92fa0d5e6346139332c3ee039a9fc7c3
-
SHA1
442662d13173cec6545eda15d14ccec68a576dca
-
SHA256
c491e6228f85b23b477e9beeab62e3547236a8b40cfa222d8943ca2b7dcfa949
-
SHA512
d09c8740635e625248c7c50e76ca9171bce4242433f5821a1b50077d9dda8519d718bc544a2a8a9bf586212361fb0f306ce554fc5ca72b7dc95dc4374f1453ed
-
SSDEEP
3072:50iq9nK97M26+MZjQQbKGUE3T9Mg5hw0GlVdopQ:50iq9K7+jUGULsWVq
Score10/10-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-