General
-
Target
2024-03-06_90b76d8062c03096bbe55c23b467e5f2_wannacry
-
Size
3.4MB
-
Sample
240306-s4mftabf66
-
MD5
90b76d8062c03096bbe55c23b467e5f2
-
SHA1
3ea2d886fac71f20cecbc7ddf3224d40159be2d9
-
SHA256
080eaa295ba60a5546ab7d0a82ea410e35d5963fe8409d70970366fd2b0f931e
-
SHA512
d817b7b1ae98b63d72ab3c1d86827683c1bea3c7e0aac077dab3f4e0f0c5b2e9d0543903a3972e3f67a36f3df4230af8b933e873cd377333e80d159b753d9b9f
-
SSDEEP
98304:V+PoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3X:V+Pe1Cxcxk3ZAEUadzR8yc4gn
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-06_90b76d8062c03096bbe55c23b467e5f2_wannacry.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-06_90b76d8062c03096bbe55c23b467e5f2_wannacry.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
2024-03-06_90b76d8062c03096bbe55c23b467e5f2_wannacry
-
Detects command variations typically used by ransomware
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1