Overview
overview
10Static
static
3WannaCrypt0r.exe
windows7-x64
10WannaCrypt0r.exe
windows10-1703-x64
10WannaCrypt0r.exe
windows10-2004-x64
10WannaCrypt0r.exe
windows11-21h2-x64
10WannaCrypt0r.exe
android-10-x64
WannaCrypt0r.exe
android-11-x64
WannaCrypt0r.exe
android-13-x64
WannaCrypt0r.exe
android-9-x86
WannaCrypt0r.exe
macos-10.15-amd64
1WannaCrypt0r.exe
macos-10.15-amd64
4WannaCrypt0r.exe
debian-12-armhf
WannaCrypt0r.exe
debian-12-mipsel
WannaCrypt0r.exe
debian-9-armhf
WannaCrypt0r.exe
debian-9-mips
WannaCrypt0r.exe
debian-9-mipsel
WannaCrypt0r.exe
ubuntu-18.04-amd64
WannaCrypt0r.exe
ubuntu-20.04-amd64
General
-
Target
WannaCrypt0r.exe
-
Size
3.4MB
-
Sample
240419-lhvrqsdg86
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
Static task
static1
Behavioral task
behavioral1
Sample
WannaCrypt0r.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
WannaCrypt0r.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
WannaCrypt0r.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
WannaCrypt0r.exe
Resource
win11-20240412-en
Behavioral task
behavioral5
Sample
WannaCrypt0r.exe
Resource
android-x64-20240221-en
Behavioral task
behavioral6
Sample
WannaCrypt0r.exe
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral7
Sample
WannaCrypt0r.exe
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral8
Sample
WannaCrypt0r.exe
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral9
Sample
WannaCrypt0r.exe
Resource
macos-20240410-en
Behavioral task
behavioral10
Sample
WannaCrypt0r.exe
Resource
macos-20240410-en
Behavioral task
behavioral11
Sample
WannaCrypt0r.exe
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral12
Sample
WannaCrypt0r.exe
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral13
Sample
WannaCrypt0r.exe
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral14
Sample
WannaCrypt0r.exe
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral15
Sample
WannaCrypt0r.exe
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral16
Sample
WannaCrypt0r.exe
Resource
ubuntu1804-amd64-20240226-en
Behavioral task
behavioral17
Sample
WannaCrypt0r.exe
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
WannaCrypt0r.exe
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1