General
Target: size.ps1
Size: 689B
Sample: 240425-kdmpwshb23
MD5: fb0b21c3a6bf016cabdf8b202dcd22ff
SHA1: 6c77f6dd8b37df26e97d4f9fb81dba8229bdeeb0
SHA256: e2ed0c53f9f1bb84b62dd7a2c39611c2198b7400cabe88f02dcc65303a1041b2
SHA512: 0d8817de283ee6b6d896f4fa3267e077d471dba46c122b0c5be8c82f25702257529c2a6d536d919178cca38840c5655e2064f95dc9a361bdff66fe271cb45c2c
Static task: static1
Behavioral task: behavioral1
Sample: size.ps1
Resource: win11-20240412-en
Malware Config
Extracted
C:\Users\Admin\Downloads\Ransomware.WannaCry\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Score: 10/10
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1