Overview

overview

10

Static

static

1

Dummes hur...rt.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Dummes hurensohn scheiß programm das seit 3 fucking stunden nicht funktioniert.ps1

  • Size

    1KB

  • Sample

    240528-sdkvashg3t

  • MD5

    3d2fb069db2dbda9d278fc79bdfdfbe8

  • SHA1

    d64f798b2285fbc3c0c27bb033c80657a3b3d982

  • SHA256

    68e24f54f98ff6bed8c25c7a08c1d224ed1ab378ac1d7fb9d232ebeaf3b283e1

  • SHA512

    5fe4612b79f3d7234a081b4611742b0e3a1037183c7e9e05b6b3eb69f06bf998da45611dd0dba6905efdc6a2bbd2ca8ffa4a38268210c7f7b2cac364736033e3

Score
10/10
wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwareworm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

    • Target

      Dummes hurensohn scheiß programm das seit 3 fucking stunden nicht funktioniert.ps1

    • Size

      1KB

    • MD5

      3d2fb069db2dbda9d278fc79bdfdfbe8

    • SHA1

      d64f798b2285fbc3c0c27bb033c80657a3b3d982

    • SHA256

      68e24f54f98ff6bed8c25c7a08c1d224ed1ab378ac1d7fb9d232ebeaf3b283e1

    • SHA512

      5fe4612b79f3d7234a081b4611742b0e3a1037183c7e9e05b6b3eb69f06bf998da45611dd0dba6905efdc6a2bbd2ca8ffa4a38268210c7f7b2cac364736033e3

    Score
    10/10
    wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwareworm
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

1
T1222

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Indicator Removal

1
T1070

File Deletion

1
T1070.004

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Inhibit System Recovery

1
T1490

Tasks