General
-
Target
Ransomware.WannaCry.zip
-
Size
144KB
-
Sample
240406-mwcczsge6w
-
MD5
f754fa8eaf2cf8d1a308c1d10c63ffdd
-
SHA1
d661ce374e5d8100ce833d43458cc8e58e1fd773
-
SHA256
72527b293cf981ffaba2f9ef7861471565a1f8690eed7ce5a61b683397ea6e8c
-
SHA512
ffac5d4e7bf030a38fc05164f3068abda05d4b85a5a89ee88d66d9427c166a5621305f9fa4622d11401ed200a285eb234af215a7ec850638aa0522148b5cf8d8
-
SSDEEP
3072:AWfoE0MBy2RzDN5boNnBFS2X+kRDwd7Mmzc8N3+71G5hOtHQwBK1rTh3X9Mma/DW:QDuqJWfPAVSgE29xxspm0n1vuz3C9SvC
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.WannaCry.zip
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
Ransomware.WannaCry.zip
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
Target
Ransomware.WannaCry.zip
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1