General
-
Target
2024-06-18_692028a15d45c37361cd9ebd91aa2182_destroyer_wannacry
-
Size
61KB
-
Sample
240618-vzh9pssgmd
-
MD5
692028a15d45c37361cd9ebd91aa2182
-
SHA1
f2d2160758e0ae0d0db22fb4524947d9597aa890
-
SHA256
bf0c353bf4f59db1d33b62589cca64d29c915d3073c86cd04e78f1d28bb65d74
-
SHA512
220738ff8de81abfbedca6288ed78c04405f6499b4a2bdfea6f683fd57ddf702bd6988324bcb501b810d4a780147b13aa45714b9dce295a21a028848cf48f0c4
-
SSDEEP
768:cRp27mtc9Fe87E8L/+5nXWl6/JsNySGc7Q/duS+mD3eiUWGbYxDW:cv2Ec9Fe8FL2JWl6/JnVd/duS+jiri
Behavioral task
behavioral1
Sample
2024-06-18_692028a15d45c37361cd9ebd91aa2182_destroyer_wannacry.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-06-18_692028a15d45c37361cd9ebd91aa2182_destroyer_wannacry.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-06-18_692028a15d45c37361cd9ebd91aa2182_destroyer_wannacry
-
Size
61KB
-
MD5
692028a15d45c37361cd9ebd91aa2182
-
SHA1
f2d2160758e0ae0d0db22fb4524947d9597aa890
-
SHA256
bf0c353bf4f59db1d33b62589cca64d29c915d3073c86cd04e78f1d28bb65d74
-
SHA512
220738ff8de81abfbedca6288ed78c04405f6499b4a2bdfea6f683fd57ddf702bd6988324bcb501b810d4a780147b13aa45714b9dce295a21a028848cf48f0c4
-
SSDEEP
768:cRp27mtc9Fe87E8L/+5nXWl6/JsNySGc7Q/duS+mD3eiUWGbYxDW:cv2Ec9Fe8FL2JWl6/JnVd/duS+jiri
Score10/10-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-