General
-
Target
2024-06-17_5c84cc535d99df4e19f6b54a1640dce8_wannacry
-
Size
3.4MB
-
Sample
240617-hkpfysshlq
-
MD5
5c84cc535d99df4e19f6b54a1640dce8
-
SHA1
6c5a52207c05601098769796d2c11c157ff58b00
-
SHA256
d2c9309af5abf74cba45958481e597dc1d94619bf32e64386c52a2d81a948709
-
SHA512
cd2e1274bf3752ae7924a68b23fc1ac1cf6fdd1e9af52e11c88713699105d86898b38b701944c7cd8cbe5a6ef5a31edd7232eb7ef114e4bc832987966805ecd9
-
SSDEEP
98304:BqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3h:BqPe1Cxcxk3ZAEUadzR8yc4gx
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-17_5c84cc535d99df4e19f6b54a1640dce8_wannacry.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-17_5c84cc535d99df4e19f6b54a1640dce8_wannacry.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
2024-06-17_5c84cc535d99df4e19f6b54a1640dce8_wannacry
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)