wannacry

General

Target

2024-06-21_e4c02cc725325d00ceb7e6c484c13860_wannacry
Size

3.6MB
Sample

240621-awtwtatdkd
MD5

e4c02cc725325d00ceb7e6c484c13860
SHA1

1d34407f3b62401aeff165d7937d7c8eb8a38843
SHA256

d9925b761be17bba7db075e82c09c174093d369af0b2e7dcfb0da6cec727033e
SHA512

fe07f657c9a2801726fc9b8ff6ee60bc6eaae973a384a02083708d64c4be07fb8c262936d337e93d27591a981a95874ea6b81b412a87c6431dac59bb4f0c9bbb
SSDEEP

98304:wDqPoBhW6SAEdhvxWa9P593R8yAVp2g3:wDqPbZAEUadzR8yc4g

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

- Target
  
  2024-06-21_e4c02cc725325d00ceb7e6c484c13860_wannacry
- Size
  
  3.6MB
- MD5
  
  e4c02cc725325d00ceb7e6c484c13860
- SHA1
  
  1d34407f3b62401aeff165d7937d7c8eb8a38843
- SHA256
  
  d9925b761be17bba7db075e82c09c174093d369af0b2e7dcfb0da6cec727033e
- SHA512
  
  fe07f657c9a2801726fc9b8ff6ee60bc6eaae973a384a02083708d64c4be07fb8c262936d337e93d27591a981a95874ea6b81b412a87c6431dac59bb4f0c9bbb
- SSDEEP
  
  98304:wDqPoBhW6SAEdhvxWa9P593R8yAVp2g3:wDqPbZAEUadzR8yc4g
Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2679) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Detects command variations typically used by ransomware
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2