General
-
Target
Juan_Jose_Arroyave.pptx
-
Size
391KB
-
Sample
240422-14kafsha7z
-
MD5
1ed8af1936be540d5ebb0eca5467ac4b
-
SHA1
977994b9053c82f37579963e0e1383cc4095f64e
-
SHA256
05eb98b16f214cef97d3041a93a801329f76e8e8066df37ef0f3720e5654387e
-
SHA512
0d96f86882feef2e33caf48125285ed0aa653e7469a0b0775f80d400860f6ce9ab7a5015373ee2c7758151360da2555934391f964807c7fdb0dcf41ff847dc41
-
SSDEEP
12288:Qarbw6IRkt1T9+41zD/n/r8ge0hJ5hM6RINgyV:QaA6IaH+45/n/r8ge0Y6RyHV
Static task
static1
Behavioral task
behavioral1
Sample
Juan_Jose_Arroyave.pptx
Resource
win10-20240404-es
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
Juan_Jose_Arroyave.pptx
-
Score
10/10
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)