General
Target: IMG_20240310_184106.jpg
Size: 57KB
Sample: 240316-wlkq2sgc2v
MD5: 506caf16009f6206c82f40be26c293ce
SHA1: f163b3c98326d94ade43bda3a54d3902f65894d3
SHA256: 0935d0e03118df8da87c810cdc09277f7cf7da85817e555d4c5c6042102f5bb1
SHA512: 06a59e49638c19e971356d84fa905bd72438c4ea547d6913d4318753c17c3742a7d1544d883eb8af388c4885daa9a2403eefcca8eb6efc722196239f2a991bc5
SSDEEP: 1536:8orcpLSre645qWilo9ErSx7eLy4oo++wtZvjEI68d:8orE2re6Si8Er/W4ojPd
Static task: static1
Behavioral task: behavioral1
Sample: IMG_20240310_184106.jpg
Resource: win10v2004-20231215-en
Malware Config
Extracted
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
Target: IMG_20240310_184106.jpg
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Pre-OS Boot (1)
        Bootkit (1)
Privilege Escalation
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
Defense Evasion
    File and Directory Permissions Modification (1)
    Hide Artifacts (1)
        Hidden Files and Directories (1)
    Indicator Removal (1)
        File Deletion (1)
    Modify Registry (3)
    Pre-OS Boot (1)
        Bootkit (1)