General
-
Target
combase_64.dll.mui
-
Size
22.4MB
-
Sample
240417-bts26shh34
-
MD5
1e2ff3166098b56f236723397be67e3d
-
SHA1
6241a0a48b41cd0e04cf2e05917000c5c5f89561
-
SHA256
fa3550f2dd13a40dea30c659e1851bdf59364f68dc2b7be9067772117d6b0928
-
SHA512
b8762bed4f18796a6af76698ccf535be4d9c495217547c5879fc69d924265b41588f7f0fb55f8bdccc63f609e53a0d7b2637338b6daff313ced1e463288ad14a
-
SSDEEP
393216:j0kYUOCNzlDcMyY8vgoxT8X7lyBjmp2WEap1BaO1p8zm1HLUCPFXX9ev:prOC/Ce78xmp2WEap1GzAUC9n9ev
Static task
static1
Behavioral task
behavioral1
Sample
combase_64.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
combase_64.dll
Resource
win10v2004-20240412-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
combase_64.dll.mui
Score
10/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1