General
-
Target
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin.zip
-
Size
3.3MB
-
Sample
240621-wc2yzayemg
-
MD5
0ee82d7d2714e2ddf579080c5460fea3
-
SHA1
f282646126dfcaf6b63bdc3109edbf4a0b0711f4
-
SHA256
219f4e1e62fa50d0e407a6ae5c49344e1a888f97e7131be118d6c312217e69cc
-
SHA512
102d05fbbd10d5f5d0f0fa8d52145610b058795e6612642305f18534558148e14459e6a57cbd4ab5ea98f260067a4bbcf7d5350d4a6abd5dcb4a27a098a07e60
-
SSDEEP
49152:pkOxAI2wgWz+18ER9/j1E9uK9KuCTvUyzsjugPDJdO9v+vS89KcCu26NV2V4:KOYQzMBR9gd4oyzsjuWjOAvHCl4
Static task
static1
Behavioral task
behavioral1
Sample
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin/ed01ebfbc9eb5bbea545af4d01bf5f1.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin/ed01ebfbc9eb5bbea545af4d01bf5f1.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin (1)
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1