General
Target: 2024-06-03_75a95bd340c43bf016117c1013631c42_wannacry
Size: 329KB
Sample: 240603-nq9a7sed42
MD5: 75a95bd340c43bf016117c1013631c42
SHA1: 90a88828b3ed3c25bd91e20b67012f54e221ade6
SHA256: b9cd15b5f4112728466f2c11d595711d0953da0d26408b57f42d1215cf60b1b1
SHA512: 41b4356df8be11a8a395918a8871f466c3b7e67ab1eaae1c40cfc374085302ca8693c463e8c24c143c362edde4c43442ddc52ae4ec96a4b4ad294caea17fcb62
SSDEEP: 6144:7cVbL0hiIOb8+LDCvzCnQHw67feMv8KiPuTL94:7cVJIOA+vCvnJ8tPuF4
Behavioral task: behavioral1
Sample: 2024-06-03_75a95bd340c43bf016117c1013631c42_wannacry.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 2024-06-03_75a95bd340c43bf016117c1013631c42_wannacry.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\SkynetData.txt
Targets
Chaos Ransomware

Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Detects command variations typically used by ransomware

Detects executables containing many references to VEEAM. Observed in ransomware

Modifies boot configuration data using bcdedit

Disables Task Manager via registry modification

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Adds Run key to start application