General
-
Target
sharlotan54_2023-06-15-01-37-14_1686775034399.mp4
-
Size
473KB
-
Sample
240611-xjnklaxdlh
-
MD5
25c252bc27cf7bc7997211bb9535b121
-
SHA1
d479ae3764bc55011710e1dacdcf835c3319ea04
-
SHA256
143e0902549cc52134118e70d9d890ac9279cab6c6239cbe85468ea37ff47956
-
SHA512
38980abb9f6236aab581bef062ac1a207501a7b12ed089ce2f24ee9c57e3d25bad1586e5302abdd5b9ccd65bccc4a1686646ac6d71a1e94ab080e5cc7361bece
-
SSDEEP
6144:dMWnHytWrDW2MfyJSluVKd8o+sUVTGiaO1KJivGpK/q5PpMfuvT938:dgOMfOVE+xVT5aJJieLRauy
Static task
static1
Behavioral task
behavioral1
Sample
sharlotan54_2023-06-15-01-37-14_1686775034399.mp4
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
sharlotan54_2023-06-15-01-37-14_1686775034399.mp4
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
File and Directory Permissions Modification (1)
Hide Artifacts (1)
Hidden Files and Directories (1)
Indicator Removal (1)
File Deletion (1)
Modify Registry (3)