Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
25-03-2024 08:24
General
-
Target
2024-03-25_7608b7375801031c8dfc7f8dc694dd70_wannacry.exe
-
Size
5.0MB
-
MD5
7608b7375801031c8dfc7f8dc694dd70
-
SHA1
6ceef47328d54e966a7d3503f76c5746235a65ce
-
SHA256
5316baecafb6a41da7d169b66629675bfac0bbb0cbbf781adf87547c68dd0975
-
SHA512
3c75cb6ba84de6b01f6af5c36704ea290147e188a02fa985179af5bf8cb6637f36f21967954f92d6c6d03568a78e515f1c0571aa9ea5bfc3ec5f5be47e042f3f
-
SSDEEP
49152:VnAQqMSPbcBVQej/1INRx+TSqTdd1HkQo6S:ZDqPoBhz1aRxcSUZk36S
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3265) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-25_7608b7375801031c8dfc7f8dc694dd70_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-25_7608b7375801031c8dfc7f8dc694dd70_wannacry.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2024-03-25_7608b7375801031c8dfc7f8dc694dd70_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2024-03-25_7608b7375801031c8dfc7f8dc694dd70_wannacry.exe -m security1⤵
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD5936ac6dc8ead0decc586651882460294
SHA178f74f1aa4b72e805169c4ed3549077826c2f2ed
SHA256c41320b0761da87c4ab4452e763ba965e261bdebd6c7cdd43ea68885c16b624a
SHA5126d531a9ef1c18857db066d95a2be2009ec6a7ea7f8adeb136e31196f937b9e4ecd6a5df9ce95aa1fba7d3e430c2b4becf31bfa664b56ff70c54468e8d734a4c1