General

Target: .
Size: 147KB
Sample: 240505-sx35zsdh5t
MD5: 309013f5ea20f08012e51744c96efb4a
SHA1: 0db1f983951e79d2f7abed9a58750c10226e7eb3
SHA256: 449acffa45ae141cf507ee6ef25156044234e222e2cf39a89387b3c239b136f7
SHA512: 5f0d9bd4750d8cb063d84998f5316d95cd40fbcb954a45f9a2f6ffe68c3485f23e663eab32947675c3bd240a73b508841f4e83dbfa5dab4ae6aa4a7742283005
SSDEEP: 1536:ohkaad8mvVqeK4DyxRR4Dpll0WlI130vD9328s4DDHhqiS:ik+ml6jUllvI4dHhqiS
Static task: static1

Malware Config

Extracted
Path: C:\Users\Admin\Desktop\@[email protected]
Family: wannacry
Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets

Target: . (147KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
MITRE ATT&CK Enterprise v15

Defense Evasion
- File and Directory Permissions Modification (T1222): 1
- Hide Artifacts (T1564): 1
  - Hidden Files and Directories (T1564.001): 1
- Modify Registry (T1112): 2
- Subvert Trust Controls (T1553): 1
  - Install Root Certificate (T1553.004): 1