General
- Target: 1635452090191517096.ico
- Size: 229KB
- Sample: 240411-wpjyxsgh37
- MD5: 30d065cb2bf733456114f25755cfc795
- SHA1: fcdcb0fad3af9f3d9f2192dc56178b61eea3b660
- SHA256: 922a1d2631866ed3a8d2343d578d1daad53a5f220a72271fe3f0526f7972a402
- SHA512: 42ccb3e1d4c0ac243eee437c345cfe6f20e77548c05bbfb5b0d0d2101201e2da75b3e492978cb4a00cff4e07b64b52967843f9721aed50658adcb7298a125e1b
- SSDEEP: 6144:BYvBOoisQ+/mKCKtJnBKCvsUFhSh6euW+PJZmz:mM4NvBK0sCheKW+PJZmz
Static task: static1
Behavioral task: behavioral1
- Sample: 1635452090191517096.ico
- Resource: win11-20240221-en
Malware Config
Extracted
- Path: C:\Users\Admin\Downloads\@[email protected]
- Family: wannacry
- Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
- Target: 1635452090191517096.ico
- Size: 229KB
- MD5: 30d065cb2bf733456114f25755cfc795
- SHA1: fcdcb0fad3af9f3d9f2192dc56178b61eea3b660
- SHA256: 922a1d2631866ed3a8d2343d578d1daad53a5f220a72271fe3f0526f7972a402
- SHA512: 42ccb3e1d4c0ac243eee437c345cfe6f20e77548c05bbfb5b0d0d2101201e2da75b3e492978cb4a00cff4e07b64b52967843f9721aed50658adcb7298a125e1b
- SSDEEP: 6144:BYvBOoisQ+/mKCKtJnBKCvsUFhSh6euW+PJZmz:mM4NvBK0sCheKW+PJZmz
Signatures
- Downloads MZ/PE file
- Sets file execution options in registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Sets desktop wallpaper using registry
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)