General

  • Target

    Crack.rar

  • Size

    34KB

  • Sample

    240309-j9g9lseb66

  • MD5

    6e3b758f66ad4ffe0517fb7d0c80347e

  • SHA1

    66c4c860dd92c90c388b1ee3cf9749ce126dc079

  • SHA256

    a59e7c4d5e92665f25d5c93eba73804364a8ec3cd600fc10f5ece38d60c15d46

  • SHA512

    a39ac03242a744f272dea11419d761052b2071e8c119457c59a571a666026ae91065b227fb3f581e093a2363fb9a8bb8c19dd225791a053fc503cdaef76de7cf

  • SSDEEP

    768:Fz6Gz7aqquSAqI94qm0WY7ZamIcTcPt2TVp/4qrAaK:x6NqD1vmBCZH3Tmt2ppwZd

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)

Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.

* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

    • Target

      Crack/Keygen.exe

    • Size

      47KB

    • MD5

      38f93b2d9313c53f1de7222550f1d6d3

    • SHA1

      11384e7845abff814eb04e4c6fb35a28003814fd

    • SHA256

      244113c644ffe40bdd67d23d1d6261ccf7875af5ff5b80b1ecacf84d7542a487

    • SHA512

      cbcb370b1cbfe62b85d3236345ff937c88226f3bbce728a66f0cb303fec35402fd105e680da899afb7ff74c8ab8687c8e039a3fabf1b072cc58ee2e51472f3ba

    • SSDEEP

      768:pXMi+u07J5Q9tTD6IA6WfFhi9ShUD+G3eKf05txp/2/UM5uYEYwt:pchvQHD6I5WfFIShUr3XSp2UM5u7Ywt

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks