Extracted

• • Target

    f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e

  • Size

    3.3MB

  • MD5

    9918e072f80c135437cd7e4ccc1a9687

  • SHA1

    ffa5e1f7dcad49ef81362218701b38e32a50cbb1

  • SHA256

    f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e

  • SHA512

    9b9f2940265482eaa2b9bf968f2c7d9bd0e8ae1dd41591a3e08b67c02e467eb17abb7ffc47359645edb13e0608a21ed5c80c36ce46bb26c8a1e75b7283cab846

  • SSDEEP

    98304:S77ZW33iACapTZ2puSFpnn91ByS30A/GRa:S77EPHw48Jn917EA/G0

  Score

  7^/10

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2

• • Target

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

  • Size

    3.4MB

  • MD5

    84c82835a5d21bbcf75a61706d8ab549

  • SHA1

    5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

  • SHA256

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

  • SHA512

    90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral3behavioral4