Overview

overview

10

Static

static

1

procexp.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    procexp.exe

  • Size

    4.4MB

  • Sample

    240604-vw1pksdg8v

  • MD5

    7289aa6c0f2c41c29c9b33caf1c15779

  • SHA1

    96387ab157168b22111e3c70b22364c9b71639c4

  • SHA256

    0ab0116b34db0e7168dd5c5b1c917bbb1d38235ece4430348f068914b4ab87a6

  • SHA512

    f98d4541a31df87e80a8dbce0c783585f9b471a0388bf179b8c3cfaf65366212349b059a17a7b6d1c5704a86c6af5184f0b9c5d99e590a6a1a60dae943300d0b

  • SSDEEP

    49152:Kug+zejoF8v8F/nluLRpSct4whtfVKevv7m9gcQYPbH51a7y58SG:Nzeo80F/nQRMPbjAyKZ

Score
10/10
wannacrydefense_evasiondiscoveryexecutionimpactransomwareworm

Malware Config

Extracted

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

    • Target

      procexp.exe

    • Size

      4.4MB

    • MD5

      7289aa6c0f2c41c29c9b33caf1c15779

    • SHA1

      96387ab157168b22111e3c70b22364c9b71639c4

    • SHA256

      0ab0116b34db0e7168dd5c5b1c917bbb1d38235ece4430348f068914b4ab87a6

    • SHA512

      f98d4541a31df87e80a8dbce0c783585f9b471a0388bf179b8c3cfaf65366212349b059a17a7b6d1c5704a86c6af5184f0b9c5d99e590a6a1a60dae943300d0b

    • SSDEEP

      49152:Kug+zejoF8v8F/nluLRpSct4whtfVKevv7m9gcQYPbH51a7y58SG:Nzeo80F/nQRMPbjAyKZ

    Score
    10/10
    wannacrydefense_evasiondiscoveryexecutionimpactransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks