General
-
Target
Ransomware.WannaCry.zip
-
Size
143KB
-
Sample
240319-wxqrfabf5v
-
MD5
3271bf4cfeb66fde40113dc528b78102
-
SHA1
a89f3f34e507d099214c8d031d844649f4ca641d
-
SHA256
d98553319940363a0bfbda3df88c1999efe295a0196ae33797313b4fff541097
-
SHA512
042b8170d4000b410e95d05fba0bd2e03a4255ee5db9133c9722a8bad2f75fef3eb955e1e91006713fe94e1c1684f86859a8d5f2a5a75fe0119ab00195122851
-
SSDEEP
3072:r3fpoQvMBynzN4GuhBjSX+kb2d7JmPGnkgX+mU56xtZQ821caOzNN9y2MDuqJo7+:ZDuqJOfWGVSgE29xxspm0n1vuz3dG9gg
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.WannaCry.zip
Resource
win11-20240221-en
Malware Config
Extracted
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target
Ransomware.WannaCry.zip
Score
10/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1