Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
14-06-2024 09:46
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe
-
Size
3.6MB
-
MD5
b3c6bb2b504e6096872b84ec0ff16a4a
-
SHA1
e1d6d1b8cb7a0b35f4070254d3b548cbb4eea8da
-
SHA256
86f849585db5b4c08fc457b7118e2f22673e2a70157e8695fa6c5b192bb02a17
-
SHA512
d5dc8ee1c6ecc56978b9b634562ae7c04c762cb7db9e3fe5e7a489f5d12667f911f6935d475ca0bc602b6edaebcabaeb4db31aec2ad817473d75aadb3a36f2ae
-
SSDEEP
49152:2nAQqMSPbcBVaNRx+TSqTdX1HkQo6SAA:yDqPoBiRxcSUDk36SA
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2695) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
Processes:
tasksche.exepid process 2712 tasksche.exe -
Drops file in Windows directory 1 IoCs
Processes:
2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exedescription ioc process File created C:\WINDOWS\tasksche.exe 2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe -
Modifies data under HKEY_USERS 5 IoCs
Processes:
2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exedescription ioc process Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" 2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" 2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" 2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" 2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ 2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe"1⤵
- Drops file in Windows directory
PID:4156 -
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
PID:2712
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_b3c6bb2b504e6096872b84ec0ff16a4a_wannacry.exe -m security1⤵
- Modifies data under HKEY_USERS
PID:4744
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD57b59aa7012e4819420094b0ab860770d
SHA1d94009a1448c643d0dbd65fd5c85b67de938cf04
SHA256c36000c7a12259bf274258e383ccfb01b084716bf8e02a7404864cda5ed8d938
SHA51210fb4429a454e2a16f2ba3be660eefc0cf3dd064ac191327534ef7366ea7d9e2f0da44de83ac0bf46af5442ce1c1409a005f8f8c4d3512325b2e8590b8a7e015