General
-
Target
2024-04-28_333afd6c1ce5888600f832dd3d2b07f6_wannacry
-
Size
166KB
-
Sample
240428-z8k7wahh4v
-
MD5
333afd6c1ce5888600f832dd3d2b07f6
-
SHA1
84cb62be929e0a1cbaafd000c9acc5a1dc333ee2
-
SHA256
e1ec2d19bbbc926bce8915a1d7f94cbb143f2466ac13516d02bcd9ff2ccd4354
-
SHA512
f6a53fdea4019440c2d416039230111b85645e820ef1545fc7e6e8e3156fffc62fb0e336068b30278452013f9af05e0b0c409ba7dfd850b4ed39db2b3434f790
-
SSDEEP
3072:eoH9zr9A2p8PoEXP+1ariGuqi8RWoZ28h8K9f0eBDQsvSnOI0Fwgj:Jr918PUiuqiePE86K98gH8OI0W
Behavioral task
behavioral1
Sample
2024-04-28_333afd6c1ce5888600f832dd3d2b07f6_wannacry.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-04-28_333afd6c1ce5888600f832dd3d2b07f6_wannacry.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
C:\Users\Admin\Documents\read_it.txt
chaos
Targets
-
Target
2024-04-28_333afd6c1ce5888600f832dd3d2b07f6_wannacry
-
Score
10/10
-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-