General
- Target: recroom doxes.exe
- Size: 10KB
- Sample: 240511-g3n3gacg36
- MD5: b2d64d7351a733c044c35df29e128b8f
- SHA1: dbea99efefe266261bff99208c07336a2ff1e92a
- SHA256: 2f435d8698369f6d6cf9cb68fda56fd61cf266c0df911f4a634d701dd0a40ca6
- SHA512: 5f09b1ff9028983a88fbefdb462ac4811303e277016efb7fa21b7ae3b9fd083011dc2a7cf06ee9233d7e009ce4b2ed4448ebedff701dbebbbf6662473c8f5231
- SSDEEP: 96:NKMPnZ4eNF/pedzDv99S+6xxX5ZQMdeMvqnr4lmjOCq+f/fXa6LG2sVzcPlDLzNt:s4hfpedzb9EPxXnrunHHsVz2DN
Static task: static1
Behavioral task: behavioral1
- Sample: recroom doxes.exe
- Resource: win11-20240426-en
Malware Config
Extracted
C:\Users\Admin\Downloads\Computer-Virus-master\Computer-Virus-master\WannaCry\EternalBlue\sources\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
- Drops file in Drivers directory
- Sets service image path in registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry