General
-
Target
f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e
-
Size
3.3MB
-
Sample
240325-p6d1nsgc76
-
MD5
9918e072f80c135437cd7e4ccc1a9687
-
SHA1
ffa5e1f7dcad49ef81362218701b38e32a50cbb1
-
SHA256
f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e
-
SHA512
9b9f2940265482eaa2b9bf968f2c7d9bd0e8ae1dd41591a3e08b67c02e467eb17abb7ffc47359645edb13e0608a21ed5c80c36ce46bb26c8a1e75b7283cab846
-
SSDEEP
98304:S77ZW33iACapTZ2puSFpnn91ByS30A/GRa:S77EPHw48Jn917EA/G0
Static task
static1
Behavioral task
behavioral1
Sample
f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e.gz
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e.gz
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
Target
f52dc1c4c4aa14e0f6f2d5a523c0dba81ef575e39a753c2a0913fc057501141e
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Target
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder