General
-
Target
2024-04-14_92f6f7061965884a2004cd0c3a75d377_wannacry
-
Size
3.4MB
-
Sample
240414-g631ssee62
-
MD5
92f6f7061965884a2004cd0c3a75d377
-
SHA1
cecdb21ca29e44ae8292333261cd85123c08757e
-
SHA256
1b06912d53715278e01c9d7b738374fe86950de8d6c0f88bc2119277754408bc
-
SHA512
c8bbafc71218ebe5c0ec1d8b44fb9143e3f1dda12fa96de77d170a88f2e52658729dcfaaecbcaed7f508a2a0897ca5a2e14df39c20ec9bc23d63a956a1629ab1
-
SSDEEP
98304:fqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:fqPe1Cxcxk3ZAEUadzR8yc4g
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-14_92f6f7061965884a2004cd0c3a75d377_wannacry.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-14_92f6f7061965884a2004cd0c3a75d377_wannacry.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
2024-04-14_92f6f7061965884a2004cd0c3a75d377_wannacry
-
Size
3.4MB
-
MD5
92f6f7061965884a2004cd0c3a75d377
-
SHA1
cecdb21ca29e44ae8292333261cd85123c08757e
-
SHA256
1b06912d53715278e01c9d7b738374fe86950de8d6c0f88bc2119277754408bc
-
SHA512
c8bbafc71218ebe5c0ec1d8b44fb9143e3f1dda12fa96de77d170a88f2e52658729dcfaaecbcaed7f508a2a0897ca5a2e14df39c20ec9bc23d63a956a1629ab1
-
SSDEEP
98304:fqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:fqPe1Cxcxk3ZAEUadzR8yc4g
-
Detects command variations typically used by ransomware
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1