Analysis Overview
SHA256
635adb7c70d41a43be40469bd0a517e8feb8a9ddb3e68f0ead3c2a4b82875213
Threat Level: Known bad
The file 2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry was found to be: Known bad.
Malicious Activity Summary
Chaos family
Detects command variations typically used by ransomware
Chaos Ransomware
Chaos
Renames multiple (207) files with added filename extension
Renames multiple (195) files with added filename extension
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Drops startup file
Drops desktop.ini file(s)
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 07:38
Signatures
Chaos Ransomware
Chaos family
Detects command variations typically used by ransomware
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 07:38
Reported
2024-06-14 07:41
Platform
win7-20240508-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Chaos
Chaos Ransomware
Detects command variations typically used by ransomware
Renames multiple (207) files with added filename extension
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\마인크래프트 무료설치.url | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates physical storage devices
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1976 wrote to memory of 2828 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe |
| PID 2828 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe"
C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe
"C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
Network
Files
memory/1976-0-0x000007FEF5863000-0x000007FEF5864000-memory.dmp
memory/1976-1-0x00000000000F0000-0x000000000010C000-memory.dmp
C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe
| MD5 | 47cb4cb930541788a53da6337f726dc8 |
| SHA1 | 2d7297e0469e51784b44212c795bae5237c314dc |
| SHA256 | 635adb7c70d41a43be40469bd0a517e8feb8a9ddb3e68f0ead3c2a4b82875213 |
| SHA512 | cfd584a481a8416900d0d081e81c5da1206c2723a39b02225afbfb636f5d81e705b425816e9498cc089daa7e387434af4d1a1ffc866181c43af3f5b83fa796a2 |
memory/2828-7-0x0000000000FC0000-0x0000000000FDC000-memory.dmp
memory/2828-9-0x000007FEF5860000-0x000007FEF624C000-memory.dmp
memory/2828-10-0x000007FEF5860000-0x000007FEF624C000-memory.dmp
C:\Users\Admin\Documents\read_it.txt
| MD5 | b91469b8c47041b5b5a04581fab689d2 |
| SHA1 | 562ce0e37bc596854d8f664f255f40c05e42f565 |
| SHA256 | a82a92f952293fbea756de18927fc0a6091d65b7c23bfe45b61f9e876c474c69 |
| SHA512 | 3b39eddab0d4aaf6c1c0a51e720d031d2b21df5ab0df69860b9ffb92680e27ee4ae57e9e25bde31ca4c4424970f4f72bfc371bbca78055ede83d2b737efafaa4 |
memory/2828-476-0x000007FEF5860000-0x000007FEF624C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 07:38
Reported
2024-06-14 07:41
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
157s
Command Line
Signatures
Chaos
Chaos Ransomware
Detects command variations typically used by ransomware
Renames multiple (195) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\마인크래프트 무료설치.url | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2504 wrote to memory of 3672 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe |
| PID 3672 wrote to memory of 4964 | N/A | C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry.exe"
C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe
"C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/2504-1-0x00007FFAB03A0000-0x00007FFAB0669000-memory.dmp
memory/2504-0-0x0000000000A00000-0x0000000000A1C000-memory.dmp
C:\Users\Admin\AppData\Roaming\마인크래프트 무료설치.exe
| MD5 | 47cb4cb930541788a53da6337f726dc8 |
| SHA1 | 2d7297e0469e51784b44212c795bae5237c314dc |
| SHA256 | 635adb7c70d41a43be40469bd0a517e8feb8a9ddb3e68f0ead3c2a4b82875213 |
| SHA512 | cfd584a481a8416900d0d081e81c5da1206c2723a39b02225afbfb636f5d81e705b425816e9498cc089daa7e387434af4d1a1ffc866181c43af3f5b83fa796a2 |
memory/2504-14-0x00007FFAB03A0000-0x00007FFAB0669000-memory.dmp
memory/3672-15-0x00007FFAB03A0000-0x00007FFAB0669000-memory.dmp
memory/3672-17-0x00007FFAB03A0000-0x00007FFAB0669000-memory.dmp
C:\Users\Admin\Documents\read_it.txt
| MD5 | b91469b8c47041b5b5a04581fab689d2 |
| SHA1 | 562ce0e37bc596854d8f664f255f40c05e42f565 |
| SHA256 | a82a92f952293fbea756de18927fc0a6091d65b7c23bfe45b61f9e876c474c69 |
| SHA512 | 3b39eddab0d4aaf6c1c0a51e720d031d2b21df5ab0df69860b9ffb92680e27ee4ae57e9e25bde31ca4c4424970f4f72bfc371bbca78055ede83d2b737efafaa4 |
memory/3672-459-0x00007FFAB03A0000-0x00007FFAB0669000-memory.dmp