General
Target: 2024-04-28_7f3607674f31dd96e4d6a009cb4dfb7e_wannacry
Size: 987KB
Sample: 240428-eedkqafg8y
MD5: 7f3607674f31dd96e4d6a009cb4dfb7e
SHA1: 5ebce6ec9924dc24e73a1faef6934128ea46c28c
SHA256: ab1ead6628df92a6cf9e0aee75bdf3ad9e7bf7e9067baf2a5a83adbf4cfd5d02
SHA512: 68e0aff21d3ee5d24794c1d46f5a13fdc6af63f299ff175f74f89443b7edbcf09f7a96fdd43d64ed44e8336f37bfdc1c1806a2103846bbb2e14593fc0a125c06
SSDEEP: 12288:ut3UkyTa5ziXxqf8FLpqf77yAJKrMCLSoJjvN+MyjLvBG1YJX8ORnu:TkbsLpqDuA7E3cRnu
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-28_7f3607674f31dd96e4d6a009cb4dfb7e_wannacry.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-04-28_7f3607674f31dd96e4d6a009cb4dfb7e_wannacry.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 2024-04-28_7f3607674f31dd96e4d6a009cb4dfb7e_wannacry
Score: 9/10
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
Detects command variations typically used by ransomware
Detects executables containing many references to VEEAM. Observed in ransomware
Modifies boot configuration data using bcdedit
Disables Task Manager via registry modification
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Drops desktop.ini file(s)
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
  Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1)
  Windows Service (1)
  Scheduled Task/Job (1)
Defense Evasion
  Indicator Removal (3)
  File Deletion (3)
  Impair Defenses (1)
  Disable or Modify System Firewall (1)
  Hide Artifacts (1)
  Hidden Files and Directories (1)