Extracted

• • Target

    Ransomware.WannaCry.zip

  • Size

    143KB

  • MD5

    3271bf4cfeb66fde40113dc528b78102

  • SHA1

    a89f3f34e507d099214c8d031d844649f4ca641d

  • SHA256

    d98553319940363a0bfbda3df88c1999efe295a0196ae33797313b4fff541097

  • SHA512

    042b8170d4000b410e95d05fba0bd2e03a4255ee5db9133c9722a8bad2f75fef3eb955e1e91006713fe94e1c1684f86859a8d5f2a5a75fe0119ab00195122851

  • SSDEEP

    3072:r3fpoQvMBynzN4GuhBjSX+kb2d7JmPGnkgX+mU56xtZQ821caOzNN9y2MDuqJo7+:ZDuqJOfWGVSgE29xxspm0n1vuz3dG9gg

  Score

  10^/10

  wannacrydiscoverypersistenceransomwareworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1