Behavioral task
behavioral1
Sample
2024-03-04_2a0487a33e6e0251342bb82a0048e0bc_destroyer_wannacry.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-04_2a0487a33e6e0251342bb82a0048e0bc_destroyer_wannacry.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-04_2a0487a33e6e0251342bb82a0048e0bc_destroyer_wannacry
-
Size
27KB
-
MD5
2a0487a33e6e0251342bb82a0048e0bc
-
SHA1
c82c1db3ec7557bf99fb3538b6d10f779fe13139
-
SHA256
af6750a2647ba7d580bc524577eff5fb462c030246368ed94e954f9fb133fef3
-
SHA512
31a096bf84a1217a30b75e72eed1d0f9cd4a8f3e0f240f8790419f3a7640cda414a608de2bae802c2d817734965fdd27d09a542c036eac187706fa0a73dd2d40
-
SSDEEP
384:MtWZPzzxAm1vgcbIEhvLKeOS2NiNWlwOy5o91F1x+82vq:x7zxAm9IYeeOSSiNho9JM82i
Malware Config
Signatures
-
Chaos Ransomware 1 IoCs
Processes:
resource yara_rule sample family_chaos -
Chaos family
-
Detects command variations typically used by ransomware 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICOUS_EXE_References_VEEAM -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-03-04_2a0487a33e6e0251342bb82a0048e0bc_destroyer_wannacry
Files
-
2024-03-04_2a0487a33e6e0251342bb82a0048e0bc_destroyer_wannacry.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ