General
-
Target
sample
-
Size
20KB
-
Sample
240503-wy8nmsfh36
-
MD5
be131613a0f4c029acd8d888bb612ab8
-
SHA1
2f48310d73239cba55616104ef2512b701afcdf7
-
SHA256
76f7fe3476251f6fed8a0a7976909b804e22bdbf26b4289177ef6f965b59e9a8
-
SHA512
b49ff76c45ccd4c7840758a7891b2637e02e4bb05950ab72ffcc9a057e09a5caca1b7a4f665b581e0d5c858db21edc2481409fccbba6051c17cb6404a3810af7
-
SSDEEP
384:rjOkyOHDpmReVoOs49i9ylKeGMlU8HhhbBNO07SS2LjMrSb+2IJCgMmVn:rj5BVoOs49myI1MpBhbj32MrSMJ2mVn
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win10v2004-20240419-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
sample
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1