Overview
overview
10Static
static
3eeeeeeeeee...00.exe
windows7-x64
eeeeeeeeee...00.exe
windows10-2004-x64
eeeeeeeeee...um.exe
windows7-x64
10eeeeeeeeee...um.exe
windows10-2004-x64
10eeeeeeeeee...ug.exe
windows7-x64
6eeeeeeeeee...ug.exe
windows10-2004-x64
6eeeeeeeeee...le.exe
windows7-x64
1eeeeeeeeee...le.exe
windows10-2004-x64
1eeeeeeeeee...er.exe
windows7-x64
7eeeeeeeeee...er.exe
windows10-2004-x64
7eeeeeeeeee...us.exe
windows7-x64
1eeeeeeeeee...us.exe
windows10-2004-x64
1MEMZ 3.0/MEMZ.bat
windows7-x64
7MEMZ 3.0/MEMZ.bat
windows10-2004-x64
7MEMZ 3.0/MEMZ.exe
windows7-x64
6MEMZ 3.0/MEMZ.exe
windows10-2004-x64
7eeeeeeeeee...MZ.bat
windows7-x64
7eeeeeeeeee...MZ.bat
windows10-2004-x64
7eeeeeeeeee...MZ.exe
windows7-x64
6eeeeeeeeee...MZ.exe
windows10-2004-x64
7eeeeeeeeee...ld.exe
windows7-x64
3eeeeeeeeee...ld.exe
windows10-2004-x64
7eeeeeeeeee....A.exe
windows7-x64
6eeeeeeeeee....A.exe
windows10-2004-x64
6eeeeeeeeee...al.exe
windows7-x64
7eeeeeeeeee...al.exe
windows10-2004-x64
8eeeeeeeeee...15.exe
windows7-x64
3eeeeeeeeee...15.exe
windows10-2004-x64
3eeeeeeeeee...al.exe
windows7-x64
7eeeeeeeeee...al.exe
windows10-2004-x64
8eeeeeeeeee...0r.exe
windows7-x64
10eeeeeeeeee...0r.exe
windows10-2004-x64
10Resubmissions
15-09-2024 23:12
240915-27aqvsxhjq 815-09-2024 23:02
240915-21efgaxake 815-09-2024 22:58
240915-2xypyaxdkj 315-09-2024 22:56
240915-2wn44sxcpk 315-09-2024 22:43
240915-2np2fawhpr 315-09-2024 22:42
240915-2m3k5swhmk 1015-09-2024 22:33
240915-2gqdmawbja 815-09-2024 22:27
240915-2de4gswekk 715-09-2024 22:15
240915-16esravenh 10General
-
Target
eeeeeeeeeeeeee.zip
-
Size
82.4MB
-
Sample
240311-blpd1sgf9v
-
MD5
bf78359f6f126b4216ace9edf63f1b39
-
SHA1
d59846e938348f7a3c48b6cc304545a6ed87816c
-
SHA256
734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538
-
SHA512
1fc2cdccf5dd6956896d1d90e0cbdf20e02b2586b59736921de9811dafec9c6ffeeb5082a56b3dd4a13283b7a08163cbea5576bd869f7b841a801b2962ef3dfa
-
SSDEEP
1572864:WuWJiEjJ5HXL3sPp12Elt9J/oQnQbz0Tipr4mUOzOgwLNL+mTdmOyd:W1Ji+HXL3sPyC9RoFwid4qnwZCmTdm3d
Static task
static1
Behavioral task
behavioral1
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
MEMZ 3.0/MEMZ.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
MEMZ 3.0/MEMZ.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
MEMZ 3.0/MEMZ.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
MEMZ 3.0/MEMZ.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
-
Size
6.7MB
-
MD5
f2b7074e1543720a9a98fda660e02688
-
SHA1
1029492c1a12789d8af78d54adcb921e24b9e5ca
-
SHA256
4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
-
SHA512
73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff
-
SSDEEP
3072:eaLA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuz1o9Y:fLJlC6j0CX4XmvWHVcd62uO9
Score8/10-
Disables Task Manager via registry modification
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Sets desktop wallpaper using registry
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
-
Size
739KB
-
MD5
382430dd7eae8945921b7feab37ed36b
-
SHA1
c95ddaebe2ae8fbcb361f3bf080d95a7bb5bf128
-
SHA256
70e5e902d0ac7534838b743c899f484fe10766aefacc6df697219387a8e3d06b
-
SHA512
26abc02bde77f0b94613edc32e0843ac71a0a8f3d8ba01cb94a42c047d0be7befef52a81984e9a0fa867400082a8905e7a63aaaf85fa32a03d27f7bc6a548c3b
-
SSDEEP
12288:kUWA3AheuswygKEOKlC0DaWL8ldxj1UT1fzosC2kyINJATi1v2yUQpf84i:kUWqistgKErL8P6VzosCfE6TNpf8D
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
-
Size
53KB
-
MD5
6536b10e5a713803d034c607d2de19e3
-
SHA1
a6000c05f565a36d2250bdab2ce78f505ca624b7
-
SHA256
775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
-
SHA512
61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
-
SSDEEP
1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX
Score6/10-
Adds Run key to start application
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
-
Size
239KB
-
MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7
-
SHA1
f8940f280c81273b11a20d4bfb43715155f6e122
-
SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6
-
SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8
-
SSDEEP
3072:r/3qftCdbSFtY8Zf8pOk0rHitNWIekbnfFPsr24Cv/Eng9m3ihlCeKH6Fb6aX3WA:WoI/rC0k7ar68nimCYHe3qZr0SlC
Score1/10 -
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
-
Size
396KB
-
MD5
13f4b868603cf0dd6c32702d1bd858c9
-
SHA1
a595ab75e134f5616679be5f11deefdfaae1de15
-
SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
-
SHA512
e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
-
SSDEEP
12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
-
Size
1.9MB
-
MD5
cb02c0438f3f4ddabce36f8a26b0b961
-
SHA1
48c4fcb17e93b74030415996c0ec5c57b830ea53
-
SHA256
64677f7767d6e791341b2eac7b43df90d39d9bdf26d21358578d2d38037e2c32
-
SHA512
373f91981832cd9a1ff0b8744b43c7574b72971b5b6b19ea1f4665b6c878f7a1c7834ac08b92e0eca299eb4b590bf10f48a0485350a77a5f85fc3d2dd6913db3
-
SSDEEP
49152:p/VoMTzwF77l0VqmuTefhLTtk31XyXb9:ptoMTzwVmq3ettk31ob9
Score1/10 -
-
-
Target
MEMZ 3.0/MEMZ.bat
-
Size
12KB
-
MD5
13a43c26bb98449fd82d2a552877013a
-
SHA1
71eb7dc393ac1f204488e11f5c1eef56f1e746af
-
SHA256
5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
-
SHA512
602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
-
SSDEEP
384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
MEMZ 3.0/MEMZ.exe
-
Size
12KB
-
MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91
-
SHA1
761168201520c199dba68add3a607922d8d4a86e
-
SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
-
SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
SSDEEP
192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
-
Size
12KB
-
MD5
13a43c26bb98449fd82d2a552877013a
-
SHA1
71eb7dc393ac1f204488e11f5c1eef56f1e746af
-
SHA256
5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
-
SHA512
602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
-
SSDEEP
384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
-
Size
12KB
-
MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91
-
SHA1
761168201520c199dba68add3a607922d8d4a86e
-
SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
-
SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
SSDEEP
192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
-
Size
9.7MB
-
MD5
1f13396fa59d38ebe76ccc587ccb11bb
-
SHA1
867adb3076c0d335b9bfa64594ef37a7e2c951ff
-
SHA256
83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d
-
SHA512
82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc
-
SSDEEP
196608:CtbTP1ErBwMQjd1YTHdmpCP2PVgP/acIE/xQ0zyZejVk+YzbRdTZ:C1E1+dYx6OP9hdyZwV4zd
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
-
Size
225KB
-
MD5
af2379cc4d607a45ac44d62135fb7015
-
SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa
-
SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739
-
SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99
-
SSDEEP
6144:DCyjXhd1mialK+qoNr8PxtZE6x5v+k6f:rjXhd8ZlKOrMZE6x5b6f
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
-
Size
904KB
-
MD5
0315c3149c7dc1d865dc5a89043d870d
-
SHA1
f74546dda99891ca688416b1a61c9637b3794108
-
SHA256
90c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
-
SHA512
7168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112
-
SSDEEP
24576:bnQv6Dyxn2Qx0KHizHWKxHuyCcZFyXR1tG:2OE2QtCzhh/7R
Score8/10-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
-
Size
1.2MB
-
MD5
d5e5853f5a2a5a7413f26c625c0e240b
-
SHA1
0ced68483e7f3742a963f2507937bb7089de3ffe
-
SHA256
415dd13c421a27ed96bf81579b112fbac05862405e9964e24ec8e9d4611d25f3
-
SHA512
49ea9ab92ce5832e702fac6f56a7f7168f60d8271419460ed27970c4a0400e996c2ea097636fc145e355c4df5cfbf200b7bf3c691133f72e4cad228f570b91e4
-
SSDEEP
12288:QH1eYXlVeneL/AuCeGhqzjheKTnHdQSR9wlPlVlbzl+lwlElPS3PomNX:QVZVeneLYcmiN7Q6Md3dMyuI
Score3/10 -
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
-
Size
39.6MB
-
MD5
b949ba30eb82cc79eeb7c2d64f483bcb
-
SHA1
8361089264726bb6cff752b3c137fde6d01f4d80
-
SHA256
5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
-
SHA512
e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
-
SSDEEP
786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa
Score8/10-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
-
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
3Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
3Winlogon Helper DLL
1Defense Evasion
File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
2Disable or Modify Tools
2Indicator Removal
2File Deletion
2Modify Registry
11Pre-OS Boot
1Bootkit
1