Extracted

Extracted

• • Target

    2024-04-05_f7ffa30812b4877520c674e446a82363_wannacry

  • Size

    3.4MB

  • MD5

    f7ffa30812b4877520c674e446a82363

  • SHA1

    d238fdd28eeb2975627b3bf0f7dd2f308724ecf8

  • SHA256

    486ed9d8ffcbcf401acb0e98da2d989fb6960567d0f1f7cbde99e8d1393bca1d

  • SHA512

    6c10d9fbe171e315868502afe6e6b022ca516864b66e3e730ccf0d292c6f4fe3903cbc0b31db7e5288194f35ca56dbbc82d46c122c9eb56639035688f2e34cdb

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3p:QqPu1Cxcxk3ZAEUadzR8yc4gZ

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Detects command variations typically used by ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2