Extracted

• • Target

    CPU-Tweaker.zip

  • Size

    435KB

  • MD5

    8497e43e40923d8bd6e22063cbb37684

  • SHA1

    6786c127089b4eb6c424f308b78986bbb5d99e08

  • SHA256

    96596a4011d86c9a650d3729189c48ccfa9047b76d75fdc4d19d54e1595dc5b5

  • SHA512

    56dd6f581fc719565393f2d67492419e4498970df65f646bebb2252f85fe58124c73f490cb1af286737717972defac4985a4750fa7b49274041791e4cfad40a3

  • SSDEEP

    6144:qRQ5oTggx6yp+U70GcEYfax4vDQB8zjdp/yhFAwQlj0QOQooo6ftv6DHEW/0x3WC:eQ5oTBzmfQYcmzjr3/uY7pwGhlo04s

  Score

  1^/10
  behavioral1behavioral2

• • Target

    CPU-Tweaker/COPYRIGHT.txt

  • Size

    1KB

  • MD5

    e09604177a6ac3ef0aa5e5a7b9942595

  • SHA1

    54cc4c7278af15a76b8ed2cb53a31a22c7e36cdb

  • SHA256

    a13201b257682de3402c96e935bb5a678a2f88ee48f1966f0a673dbc78b4a9f1

  • SHA512

    d73bed2563f8340e4b0fdc24e5f644195a258deb62c5bba2943ed06de1baf90d3de37af0d6f764a70150d54d225f2ed357ee749245334160af8962f2bc75a8e6

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral3behavioral4

• • Target

    CPU-Tweaker/CPU-Tweaker.exe

  • Size

    1.0MB

  • MD5

    0cb84898897e4b68e8f2a946072aa51d

  • SHA1

    1775b18f1d13f7c83f1763e10650650b7043caad

  • SHA256

    4d7a9f7a3aef18855e97a6f1ab788cb73d69cd2ec9e7c664f8bfa999c3e67b8e

  • SHA512

    10b13d7a6f2ce6d33ea57745c2cea1b97215b84904bf51493ad8a6003bf1e6a7610f6a7dd6a7813ed87c0d77ba20815b21a887997cc54bbd4487ca910b74f1a0

  • SSDEEP

    12288:c903ETl7ITN70a1ODJP2VzcsiLJvADtdeMxvFsAfoCqapDXu1o67K+f:c2UTpITa+gJP2esiLNAKMnuNaABhf

  Score

  1^/10
  behavioral5behavioral6

• • Target

    CPU-Tweaker/WinRing0.dll

  • Size

    60KB

  • MD5

    1f22425d5d2e3791699534b7b1a93fac

  • SHA1

    fec060e4a75c963034cdbbeefa6e669465db2de3

  • SHA256

    b906c9e82ccefeb2d620d232cb8d18ab98de383bb152cf75325ce3330de9bdd2

  • SHA512

    25400b5cbfe38a438135f11e927805dcf57d015187cc2a2caf3e68a405c6418a685e347d136dc3299e856458b471a2a00eb722b6e45a9259a20323dc38fcb335

  • SSDEEP

    768:HllLKd6z4NvfBF39wmbl6pQD4PLpt0j5nyq1yTtIJnp:nMfRFhYVt0j5n+tIJn

  Score

  1^/10
  behavioral7behavioral8

• • Target

    CPU-Tweaker/WinRing0.sys

  • Size

    14KB

  • MD5

    f6a558724f631ba04cdabfeaf99f4b2e

  • SHA1

    da86eb2b9224b9987770c167f9b81111da533c48

  • SHA256

    ecf25b107475e1ceee90a208c677e29ccca26dc528fdffd0f728a71e6ec04c34

  • SHA512

    125714286ae77f50fc74152a34ed4b0e387371520c6e55e8b17c489c71ff52bcb13b20b0186cff1a6c168a66c81af9e35585e42a91539c0ce805d194f8314ebc

  • SSDEEP

    384:6aK/+pGKC8tSXM9H/SqPTWGYOf2OJ06dUb+:hLHrtfSJi

  Score

  1^/10
  behavioral10behavioral9

• • Target

    CPU-Tweaker/WinRing0x64.sys

  • Size

    14KB

  • MD5

    12cecc3c14160f32b21279c1a36b8338

  • SHA1

    7fb52290883a6b69a96d480f2867643396727e83

  • SHA256

    47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84

  • SHA512

    a1a46f83fad9ea7f0f163e3636cf34345334e8bc84721b78e3cb9bd7fd83eab9d257f285337b95aeba1dbaab6b230219e2f1e4ca531a5220df6c0d5c2399297b

  • SSDEEP

    192:FWfBBN1v4FSqzT9oGYJh1wAoxhSF6OOoe068jSJUbueq16lGPtP:IbN1v4FSqzTWGYOf2OJ06dUb+8l

  Score

  1^/10
  behavioral11behavioral12