General
Target: winmugen.exe
Size: 728KB
Sample: 240320-1faq4scg3y
MD5: 6ab193c70ef923b6154eafb1ee2e696a
SHA1: 53d593a6ddac66b983b1794f64ea97c98ead9913
SHA256: 92b3b971492599d2e1b08719dd5a7859431bc743292c3395621f2bbd215e6c16
SHA512: 964b880510669f1c8a7698027e706be4aefb3fc6db5115016ff261193f45f21b98f6d68d9a1c4d268b71251de483ac075a020118ae40a875f47bc6dc5e12c9a1
SSDEEP: 12288:ajIz30Z/s+e9+N4mYS0x0I2fEKs7hkpOxiO0yRB1ykhIKCPHr7dES6Ync8lL:ajIz3093Y+uDS06I5KFkxid6BogIKCDf
Static task: static1
Behavioral task: behavioral1
Sample: winmugen.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target
winmugen.exe
Modifies Installed Components in the registry
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
File and Directory Permissions Modification (1)
Hide Artifacts (1)
Hidden Files and Directories (1)
Indicator Removal (1)
File Deletion (1)
Modify Registry (3)