Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-04-2024 13:35

General

  • Target

    mssecsvc.exe

  • Size

    3.6MB

  • MD5

    2cb069c56956bb9b6e62d393758d61a7

  • SHA1

    220f4451f7ec2de03b482ddcf28c6ecda3e5366f

  • SHA256

    0791f5ae5cbeec298082736457292521b23874ae0e77506c4ea12e65e3d2e52f

  • SHA512

    13f47349f24593b4a0eb3094e816cf5c4bc826dc9a08c0ec9f5a4a55a17412b59fc6cfb2dcadbe1222c35e6d991e05605bf7db98b53557a2c128e831171babf3

  • SSDEEP

    98304:yDqPoO1aRxcSUDk36SAEdhvxWa9P593RU:yDqPj1Cxcxk3ZAEUadzRU

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large number (3179) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE (1 IoC)
  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory (1 IoC)
  • Drops file in Windows directory (1 IoC)
  • Modifies data under HKEY_USERS (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe
    "C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe"
    1⤵
    • Drops file in Windows directory
    PID:2276
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2544
  • C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe
    C:\Users\Admin\AppData\Local\Temp\mssecsvc.exe -m security
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2752

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    d59d6d48c3d6e9292c296e557a186391

    SHA1

    7f0916d7befcf929521087cde11b6d94d7331154

    SHA256

    905ad8e2fc1f98ab1e934de1d01d85973291ccadd41c85ba1a7dcc3b2af6ed96

    SHA512

    7b2fc97070ac47e6596cfe0da96b1b1369feeb4ab62af136f172ee306187cee3e04b68b8f786d7b4b4dee49054d53a33cd8048abdc8cba9853b3e119a08ac23e