Extracted

• • Target

    Ransomware.WannaCry.zip

  • Size

    144KB

  • MD5

    f754fa8eaf2cf8d1a308c1d10c63ffdd

  • SHA1

    d661ce374e5d8100ce833d43458cc8e58e1fd773

  • SHA256

    72527b293cf981ffaba2f9ef7861471565a1f8690eed7ce5a61b683397ea6e8c

  • SHA512

    ffac5d4e7bf030a38fc05164f3068abda05d4b85a5a89ee88d66d9427c166a5621305f9fa4622d11401ed200a285eb234af215a7ec850638aa0522148b5cf8d8

  • SSDEEP

    3072:AWfoE0MBy2RzDN5boNnBFS2X+kRDwd7Mmzc8N3+71G5hOtHQwBK1rTh3X9Mma/DW:QDuqJWfPAVSgE29xxspm0n1vuz3C9SvC

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2