General

  • Target

    2024-05-08_2b77cb7bc7a852060e86c78a64062d5f_wannacry

  • Size

    116KB

  • Sample

    240508-pkwnlacc6t

  • MD5

    2b77cb7bc7a852060e86c78a64062d5f

  • SHA1

    f71eb50bd9d7d5f31341b741863fe29be0918da8

  • SHA256

    6d59b7ed449dc75111bcaa928104c927886aab61dba96956edd99a81b8bfc8a3

  • SHA512

    d62192cc336d01ca918d024c8ffff5f9833875eecde09397b4e9fdbee7988f76417a329194d87d3582fc1e800ea2990fb0a50b7345bd2f55acd563d4d299c42a

  • SSDEEP

    1536:BMtJ989FRat+rm9AYbq8CyfFq54MrIV9Yecca6TrX7YeOzk+7w1m:etf8tJcpOqfJMrIV9Yhca63

Score
10/10

Targets

    Score
    9/10
    • Detects command variations typically used by ransomware

    • Renames multiple (148) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops desktop.ini file(s)
