Extracted

• • Target

    @Wanna-Decrypt0r2.0.exe

  • Size

    3.4MB

  • MD5

    84c82835a5d21bbcf75a61706d8ab549

  • SHA1

    5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

  • SHA256

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

  • SHA512

    90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1

• • Target

    salinewin.exe

  • Size

    283KB

  • MD5

    2b1e9226d7e1015552a21faca891ec41

  • SHA1

    f87fcbe10fa9312048214d4473498ad4f9f331ce

  • SHA256

    7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada

  • SHA512

    1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e

  • SSDEEP

    3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3

  Score

  8^/10

  bootkitevasionpersistence

  • Disables Task Manager via registry modification

    evasion

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  behavioral2