Overview

overview

10

Static

static

3

2024-03-11...ry.exe

windows7-x64

10

2024-03-11...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 09:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-11_085a2eda5f509d08ae709fd1540e6e35_wannacry.exe

  • Size

    3.6MB

  • MD5

    085a2eda5f509d08ae709fd1540e6e35

  • SHA1

    3bf2d6cc073025692645bafbd388492cd90b090f

  • SHA256

    7ff10853a16615a26f5912519335682df0e527cd220319a6dba15f1fa805679f

  • SHA512

    a1d5bd0e55bec90d09a816798689693197f65cb7443e3209fff163835291a28bbd946e9de5eae4e1e53cafb2b0a6fbb04b6c347938e8a0a3c97e6c2b0fe095be

  • SSDEEP

    12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPUi:2bLgddQhfdmMSirYbcS

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3056) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_085a2eda5f509d08ae709fd1540e6e35_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-11_085a2eda5f509d08ae709fd1540e6e35_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    PID:2368
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2536
  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_085a2eda5f509d08ae709fd1540e6e35_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-03-11_085a2eda5f509d08ae709fd1540e6e35_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    6552c6e51e566e3f3d50b1b0404d33eb

    SHA1

    352bd30c4c901771b5fb5812f74fd515d9857953

    SHA256

    2176b5d60ba1c7d03d8738a014a552c4f47c94ba11a4ed2ab79c3bda3c2f57ec

    SHA512

    3ddcd1f3f888f53cf196b718119272fcfb5a13c87138d8bce548ca37a7ca9289ef0b99c0d36cc085278638633fa90c0056241b250c9c4cd002e110a4d065e9f4

    Download Submit