General
-
Target
Nouveau document texte.txt
-
Size
14B
-
Sample
240529-pgm72seg59
-
MD5
065aeba48dfa5326e2acf42bfded3969
-
SHA1
61dbf44058d2da48f789c8508f7d04682296ce78
-
SHA256
321f6ad8861cf648c2730b11e00b4ebd7284d5e92aa8ee91a29316405d8b9dc7
-
SHA512
6337321a921c541cef7e692ddec6076ba809399ee92430cb2b0e4e66d1c1e2498f112dd28ce1bc5b75e40a0ea76e08b7a0ea8e026e30a60d5ad03fdf0187271a
Static task
static1
Behavioral task
behavioral1
Sample
Nouveau document texte.txt
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Users\Admin\Downloads\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder