Extracted

• • Target

    2024-04-14_92f6f7061965884a2004cd0c3a75d377_wannacry

  • Size

    3.4MB

  • MD5

    92f6f7061965884a2004cd0c3a75d377

  • SHA1

    cecdb21ca29e44ae8292333261cd85123c08757e

  • SHA256

    1b06912d53715278e01c9d7b738374fe86950de8d6c0f88bc2119277754408bc

  • SHA512

    c8bbafc71218ebe5c0ec1d8b44fb9143e3f1dda12fa96de77d170a88f2e52658729dcfaaecbcaed7f508a2a0897ca5a2e14df39c20ec9bc23d63a956a1629ab1

  • SSDEEP

    98304:fqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:fqPe1Cxcxk3ZAEUadzR8yc4g

  Score

  10^/10

  wannacrydiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Detects command variations typically used by ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2