General
- Target: 7z2407-x64.exe
- Size: 1.5MB
- Sample: 240622-xsmdwsvblq
- MD5: f1320bd826092e99fcec85cc96a29791
- SHA1: c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
- SHA256: ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
- SHA512: c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a
- SSDEEP: 24576:GE413GbD17f+xGvqTQQc3iFwInAKPfzMc2NAjBWm5HrUq3IbWpeFy:GEVp1/SFwg1bMdN6Wm5HQq3YWUg
Static task: static1

Behavioral task: behavioral1
- Sample: 7z2407-x64.exe
- Resource: win10v2004-20240611-fr
Malware Config
Extracted
- Path: C:\Users\Admin\Downloads\@[email protected]
- Family: wannacry
- Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
- Target: 7z2407-x64.exe
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Downloads MZ/PE file
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)