General
-
Target
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c
-
Size
3.6MB
-
Sample
240507-krpfmshb8w
-
MD5
84c4d4a9801517c7e30d9b2d5b5ad2f5
-
SHA1
d1ea482b7bed17062e496409218f99270d6add55
-
SHA256
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c
-
SHA512
0754861fb672addfaebbdcb4416d471212a2ef8f9df8bb45db4a94bc17b9ecd3905fcd206f5155b99cfe66255e6e793cfe5602dd123ea4de0a8b9f6150027911
-
SSDEEP
98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3L:wQqPe1Cxcxk3ZAEUadzR8yc4gb
Static task
static1
Behavioral task
behavioral1
Sample
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c.exe
Resource
win11-20240426-en
Malware Config
Extracted
C:\ProgramData\ipfnigovuw360\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\ProgramData\svgirwyi764\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\ProgramData\twqxiticrtosdez480\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c
-
Size
3.6MB
-
MD5
84c4d4a9801517c7e30d9b2d5b5ad2f5
-
SHA1
d1ea482b7bed17062e496409218f99270d6add55
-
SHA256
544f5c30c6ad4f84a0d35f8bf3e57c37b57eb68b494986795a3c138e60473d9c
-
SHA512
0754861fb672addfaebbdcb4416d471212a2ef8f9df8bb45db4a94bc17b9ecd3905fcd206f5155b99cfe66255e6e793cfe5602dd123ea4de0a8b9f6150027911
-
SSDEEP
98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3L:wQqPe1Cxcxk3ZAEUadzR8yc4gb
-
Contacts a large (7380) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1