General

  • Target

    search

  • Size

    86KB

  • Sample

    240415-rzhrdsba4s

  • MD5

    4eca8133dbd8863fd38a7785739d198b

  • SHA1

    e3dfc2a71ac1bcb0fd626920dd65cc0970f24b68

  • SHA256

    7b541dbbcfa236a07fef61e6665b2b6129a2c2336a51fe13c3c89896f78da9c1

  • SHA512

    f013104cbacfb6b595dd776ed2a1663076bc30fd4066fe076542649fb2cc900ea0d82eef2b060060a64f410958cb54227da5c4707e964bd980d4eaadde312f07

  • SSDEEP

    1536:SoM+bG1ToPK98es5w+qDLr+WgSVdgadjtj4oyCyBkJayigA:oToi98es5wTDn+WgSVdHz4oXaNb

Targets

    • Target

      search

    • Size

      86KB

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
