Resubmissions
20-04-2024 15:06
240420-sg4ftabg3z 10
General
-
Target
FMBackground1.jpg
-
Size
65KB
-
Sample
240420-sg4ftabg3z
-
MD5
fc0dc4b4ccdf6828736bad5b4172e455
-
SHA1
04f2bf78038d2a228318ed90deb77e2cdd8da50d
-
SHA256
cfeb28037cbe8301b0412ee90d5a85821c59234444ccae927fc3b720c3a66d2a
-
SHA512
6cb3b41833381ade38b26c6c8c934fae4696ded819510245cfb04835ed8263884ac3c0caa5b440f4855ce66c2b50098fe333711e86d7666ae19abf00dea4eef2
-
SSDEEP
1536:TjhhyHra+S1oz5zWbusxhWzCF0zV8w5NTSXUoqMVTBqomB60zr:TjyLBSG9zCuUhWqwuwfSrqMVE1
Static task
static1
Behavioral task
behavioral1
Sample
FMBackground1.jpg
Resource
win11-20240412-en
Malware Config
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target
FMBackground1.jpg
Score 10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Indicator Removal: 1
File Deletion: 1
Modify Registry: 3