General
-
Target
avatar-pc-BYE_BYE_Nard.vrca
-
Size
27.5MB
-
Sample
240505-ah52xsbd23
-
MD5
fdadba4a3e9c52ca461c19fcab592d91
-
SHA1
28176dbed29043ec5b5a53a0a6a93de0dd6ffdc6
-
SHA256
7aee1fb68b3afa512c22fee8986a17a29e68168521d5c8fdb00c06a995153024
-
SHA512
c95552fcc223e8e3dfdcf2829ebfe0a1707ecff3698a78db5d5c8774f08b300855114fece0e3b97eeb8d4f257a85a2c50e0f8ab67f5a6e06f9aba26450cd7b08
-
SSDEEP
786432:NXRl4eDMyl/H62x+NHYU5v4t6aTczmuhx5mb3FejA:NXRlRnHR+N4USsfhxYFF
Static task
static1
Behavioral task
behavioral1
Sample
avatar-pc-BYE_BYE_Nard.vrca
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
Target
avatar-pc-BYE_BYE_Nard.vrca
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)