General

  • Target

    Adj L3210 pure.zip

  • Size

    3.6MB

  • Sample

    240619-xt1ynsxerh

  • MD5

    17ae2dce933b09b8bfc6bde8aae4561b

  • SHA1

    7accd3cf0f1aa2e2df22fd806a6e03da68c70c64

  • SHA256

    0dd6d44ab3ff20a6bd57b9fc6e104a869459721bcad906f2ab759a6ede4c7b9f

  • SHA512

    4beb850ac20d4e925a778d75b3ecbdb4904f01e33fa8780b169aabcd02eb1a7ed6c894f42a4216508ccd4b1aea17f031b36c4fcf6e108e1d9953ef1034a999bf

  • SSDEEP

    98304:1sNVAO6Pax+nszwrImUCA/ot/Md3Ht5do2f:ONVT+0+nsMImwwUHt1f

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)

Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.

* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Targets

    • Target

      Adj L3210 pure.zip

    • Size

      3.6MB

    Score
    1/10
    • Target

      L3210 1210 3250 free.zip

    • Size

      3.6MB

    • MD5

      da9985c9f1db3d85f53fea50182e87bc

    • SHA1

      48fde7b48c77b5450b4196af8d31ba05e57c056d

    • SHA256

      0953386e8c549c4e36b396a1c73155f886c9f8f7cf4006483e0fa4a52619327e

    • SHA512

      ec6e0a758068cec64cfe0b0a09605c0473813442a3184b77ff648b079dca1f44501ecdefeccb02fb8f3b3f51598eec9c14d9c6245e40f21fd3f14b8e7f8055f6

    • SSDEEP

      98304:wrUX5vLxwvfYSU3YD6Si4ftjZWIVTpj1JEOux5uA3f:0UlxcfYRYDZi46IJ3JEO4sAv

    Score
    1/10
    • Target

      Ajdprog.exe

    • Size

      3.4MB

    • MD5

      84c82835a5d21bbcf75a61706d8ab549

    • SHA1

      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

    • SHA256

      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

    • SHA512

      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

    • SSDEEP

      98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Sets desktop wallpaper using registry

    • Target

      EditText.dat

    • Size

      10KB

    • MD5

      5b1e183f5cad1adf0799b514f5d31295

    • SHA1

      0511df58c0b3270a99fb7a642f6c7c68c30f64b6

    • SHA256

      85d5f3b287a4c34ca1fa3c6b221c1635689b53668571d05b6edcce55992b2bbb

    • SHA512

      9dc5bfab4bb690731391eb571c8428f3da1e7ba00959b4a0f7fc117ba164b9eb50d534d9efadec3c22c69662f6e0b8c14c7a9fdb4d2e2f6dd877c134c499c1cd

    • SSDEEP

      96:of4Y6VHg50L5f/FL3F+rcDH8YNCLHvNLHvuetLVyAImi9j6BuT2k5oNpZijmFmGQ:ogiMF7BDA7N7uoBbeMcjmFmGMGPW

    Score
    3/10
    • Target

      ErrorDetail.dat

    • Size

      23KB

    • MD5

      62776be9a152b466b3d86d2d266f9d42

    • SHA1

      be3edcae1220ee140067f37b1f675682a2fed2d3

    • SHA256

      4c38555fb1ae9a16f7be0132261f666b4570fdff457c3cefc5ed36d8f2ae6974

    • SHA512

      7cc7d4f2fa1a971e5d9ebf5dcebc893ff2eca29aa1e915a8280b36c0931600ac4428f0ae933187326bb7b5eca2e3c6ebb93134e5a67ed153915390d4031abf09

    • SSDEEP

      192:taR6/dwogF5itaCS6GL1Kv1G3XPsnc974aMhAXjMRrQ4Vy:taRcdeaQ1L1C1G3XPsnJGYte

    Score
    3/10
    • Target

      F2_discharge.prn

    • Size

      1KB

    • MD5

      ec4d13eafebf232702a15c7829a174d1

    • SHA1

      1048abc1096b66ce3cf58d3b4fa586157ded87aa

    • SHA256

      76a465f3b4bdaa0bb83bd02ede986e042428c71504f7192d4b9a430c951d8626

    • SHA512

      977a560eb0076ca4ce2266246b7bad5e820ba412dc13746be591a8d4b7ba60713ba24d7fec3d80a584408e1d8409f2e68c37ac328f36f20544276f0c333c5920

    Score
    3/10
    • Target

      LimitSample.exe

    • Size

      52KB

    • MD5

      a8d3728f36a5ceeda695f62cc7382d9e

    • SHA1

      69ea93e1a71165fdea11e1d5d601aa64eec808cd

    • SHA256

      412df15cf48eaf8c274d349ce980c9b728cd4f997254983eca7dd552843caf8f

    • SHA512

      4e44809479ff3fc2be71bda90d4dc665d071a214d6b25670a06d867f8edcf70e54b3075ff2a0fc308134641d42f5b383e919e2cd40163c844002ea3ce6d8e3d4

    • SSDEEP

      768:4kfppXkeINBslc1Pc6lk2oTN7Opi3Oc1P:fXzINB4c1Pc6lh8H3Oc1P

    Score
    1/10
    • Target

      LimitSample.exe.config

    • Size

      189B

    • MD5

      6ff09217336c85ce71456b1c79b56b66

    • SHA1

      75f5cef921c689c2743b4c4de2283707ec5c65c6

    • SHA256

      b9f388e388fb855999926f8ba0e6997f3917285a3af83a96c249fc529f341975

    • SHA512

      ecd8695bb102bde489df432eae881c91a74beb153048aa0bc0eca53e29ac60d0d739e9f6283ba602883080ea961f29a3291efa253ef71a0606430484854b56e8

    Score
    1/10
    • Target

      StrGene.dll

    • Size

      86KB

    • MD5

      0cf43737c5d063a82b788d56206b43c5

    • SHA1

      0c8c151b31a62fe470b89ccaba893145b63d612b

    • SHA256

      8e731f4d1dddb9a46031f3d863425c62bfd16dd755925d42fa6d5f707b27f6d6

    • SHA512

      51fd91814eb7bea84e5bfc5d420d995fcbaa0dfbc31319a7fee9ffc8e3aa28d924cedbc72e1e792bedbfded3a9d29937f335f30ac2bb4dda8caa02c37f4cf287

    • SSDEEP

      1536:FV2aGk1BXmwcZck+id3IsqZqkr9SiQjzI9sW1j1Dcd7G0hg9ng:fzMciVmlwiWKZy7G0hK

    Score
    3/10
    • Target

      apdadrv.dll

    • Size

      100KB

    • MD5

      7bc6071301f011edfe115026a5e3a20d

    • SHA1

      8a20967a08ce4e1b4323a25a3c4f983cb22d1bda

    • SHA256

      f2277c9f1f477a6bd06b4645bd818e241ce8352395b4d67bab87583aaebd36fd

    • SHA512

      eb84345291ccfe47b754a8d37bea4473e38b744c2cb3d092bad6d358ca2dd7fca0c76cea44fbaffe43ea9c67a65cb7caef5effdbf57860300fdaf12de8bdb5ee

    • SSDEEP

      1536:8xjdVED1VOEAzJx1GmZbbveY1Iq3tH6MsHQQtJSHM3G:IVE3KIqx6MoFtJSHMW

    Score
    1/10
    • Target

      caution.bmp

    • Size

      4KB

    • MD5

      29158633ef078d5d4ae7d1c76165a0a9

    • SHA1

      ca11e48feea3c1e05695c8d3431f48b91a6dc366

    • SHA256

      d9461c3292a2283eadc730e2eaefb42a4eac2c48b98397bad0f7b918c86f3893

    • SHA512

      7133e87d3edfcfa17dfbd4d6cb15967c4ac90797217793f883ed7f516c2f3c441a18edd592cb7631c6d53bbd1cd087975af66f81c0bd23c7db96d86fb67a02ac

    • SSDEEP

      24:604kx+MonL76kmNu9Td0GRlepX3si/raGm6hofPoqQakEeee9mUe8A/L/dT/pTjj:34kUlOFg9pLi3R2Gu9QVEemBfDdLpsMX

    Score
    3/10
    • Target

      headid.bmp

    • Size

      208KB

    • MD5

      bd2d076f0d4c5cb4e4dd622edeff72b3

    • SHA1

      c47f7df6e2367e74b0ed982959a8a2071b389919

    • SHA256

      268119e12ae85210e6da2d1e98c8d66b267c8696cc3a9e590b79b9546d9363af

    • SHA512

      f347523042c52a81ac26a337f797d05a429842584658d74b87dffe3f5449c9ee51ec2589d0b57f344c96945151ee5b458bc6817aeb87bbe22a6644962ccecb43

    • SSDEEP

      6144:MyKMtf+7yYmNp5OlRstVQVCuusk1d9lXFHYRc:Mxmf+7yYmtOmuusK9tFsc

    Score
    3/10
    • Target

      nw_resetdata.dat

    • Size

      16KB

    • MD5

      4b8033954b4440361c2479863c051c4a

    • SHA1

      cd8d68a0a9568703268d0f99d7675ddf4ed30fb4

    • SHA256

      1587151474592c2cf4bcdae0a1caa10185b1aab07f02390adc9abaf7c2f14ce6

    • SHA512

      43218cc763b1b8917c63e8e5fc584e3aac389f8f53139b85469efd267ccca9d8258c680eed618e9a6123efe7f3522ebef3265b7348df10d7cb281146b365f43c

    • SSDEEP

      384:qIGzO4Oyp2K/hQ5EbjzpcKmAvDOAF295cMHt8K1yn0:qIv4OwzSwvDOAFUF8K1yn0

    Score
    3/10
    • Target

      prnerror.bmp

    • Size

      16KB

    • MD5

      828a524e79d60fd833946ccbb5c423c0

    • SHA1

      6031468728f33676c482b781a30a14dd8e026188

    • SHA256

      b50d32c94df4edb3c2d1061f3fbef639da9df7a532127dc365ba91b2afdc532c

    • SHA512

      9a30da68743da2dbb4b2bd1892d9548fa4b90324afca9b118776edf56d4128a31d400b6535afa850e6738a99f51bba1ff6c09a75fdac4041b253d7c808d9dab1

    • SSDEEP

      384:DXSBHHHKHHHHHHZHHHHHHHFHHHHHHHHHNMHHHHHHHHHHHAHHHHHHHHHHHHHHWZHv:65

    Score
    3/10
    • Target

      prnidle.bmp

    • Size

      16KB

    • MD5

      c80063b2bb3eba3cb27ad00e0724cefc

    • SHA1

      9afd10a0bb2a31880d7ffad4331be6bb845834f4

    • SHA256

      54a7e1d1bdf0f265c69e45e062d2f0813b56ae56f5eab454c99eb4af4b9e95ac

    • SHA512

      9217129fcab636ad24af756862629ef2f17f48676d3d6a61002422f976f8f13f223c5dc806a557feb501c18bd560b18b806e70b5f86b59ca25e0f510d81088bf

    • SSDEEP

      384:DXSBHHHKHHHHHHZHHHHHHHFHHHHHHHHHNMHHHHHHHHHHHAHHHHHHHHHHHHHHWZHR:6f

    Score
    3/10