Extracted

• • Target

    screenshot_2024-06-19_10.02.29.png

  • Size

    827KB

  • MD5

    509996dcae4547fb060c16bd2b7f715e

  • SHA1

    88d7127771cd20ce660c6176073ee1e8da31d6f4

  • SHA256

    ff63ffeb34d04a3415fbcacc4b2d7537132581f6c615736ae2b22651dee16d54

  • SHA512

    96440d3d6dd7223c2aa3fb1767d66842b53176f7a394be0202f90dd97ac283ee6a4b2ae37871ad8c94bdcca442a4e529e3d30fc905b1aa9abd0bc75370353c83

  • SSDEEP

    12288:XUMh5epKK7DmszbsvHv86RMOKuNxutB3czOL4ZgR3OogMY+0ZVgW3Par:kMjUKMSCbAkGMOzu3szOsGQBrZVgiU

  Score

  10^/10

  wannacrydefense_evasiondiscoverypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1