General
Target
sample
Size
20KB
Sample
240501-rfc2ssge31
MD5
34d4df9e8d3e5db66175b1966403c948
SHA1
3c631ee2e78b04eba141857f4de38e6ace8f9206
SHA256
391e48cf8e276282940138bf3f667f84f2e72e41cc0a92cb02cab23d82a33ec7
SHA512
93697adc709e7140b17874fcc1f946dc1740634e3f28938f2690c8c17fb12942c3ab91e2f0423408d7e7e8f3c190ca96b58541921e80a2d7e086a297a33c10e0
SSDEEP
384:rGsdMDpmReVoOs4Ii9ylKeGMcUxWHhhbcly7iS2LjMrSSpxIJCgMmVn:rGOMBVoOs4ImyI1MTWBhbcUmMrSRJ2mV
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win10-20240404-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target
sample
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)