General
-
Target
2024-04-21_775d208b3387e431cf504d70eda22a36_wannacry
-
Size
3.4MB
-
Sample
240421-gd1pzach2w
-
MD5
775d208b3387e431cf504d70eda22a36
-
SHA1
4e11d1b6d3ce1e3750c686c29c3d07eb52b39a05
-
SHA256
85f10bb9014cd3cfcff3337615d12d81778725782b8fe7a2a44d7caf212953d9
-
SHA512
6a6d61ceb42bb98ff8a027c359fd8822bb388aece3062c04921907a283c6bba08f1eeaaf76827d5a872263c37707fdb7e206b35eb624e036dcb0635744b81e92
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3l:QqPe1Cxcxk3ZAEUadzR8yc4g1
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-21_775d208b3387e431cf504d70eda22a36_wannacry.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-04-21_775d208b3387e431cf504d70eda22a36_wannacry.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
C:\Users\Admin\Documents\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
2024-04-21_775d208b3387e431cf504d70eda22a36_wannacry
-
Detects command variations typically used by ransomware
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)