chaos | a2874515f99c1a2bd3ffd8ec44cc74398832de58ce8e7373fd16e8acfd338f3a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 18:11

Target

2024-07-06_a2e4c1884134011f71494c640f8c6525_wannacry.exe
Size

263KB
MD5

a2e4c1884134011f71494c640f8c6525
SHA1

d9ad361fe9f86ff676f5c41045e3e7af806328d9
SHA256

a2874515f99c1a2bd3ffd8ec44cc74398832de58ce8e7373fd16e8acfd338f3a
SHA512

5e4cc957f5285df987111fc4cd1efa6fce00b9710688a1297ac0656fc2ded7e88ea06bbe8eebf901f58a05102a6854b7003591b69da2ef719c37e867e01c5b2a
SSDEEP

3072:STcQRc9SwyZnCboGSqihQ5Mk/EHCSQ9IiNP8Q1fBLe8vQQ7b8lW76+zGklGT5CkL:ycQc9vScRiDH6b/e8/8li3GXuE3y7

Score

10^/10

chaos ransomware

Chaos Ransomware 1 IoCs

resource	yara_rule
behavioral1/memory/1704-1-0x00000000001F0000-0x0000000000238000-memory.dmp	family_chaos

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1704	2024-07-06_a2e4c1884134011f71494c640f8c6525_wannacry.exe

memory/1704-0-0x000007FEF5193000-0x000007FEF5194000-memory.dmp

Filesize
4KB

Download
memory/1704-1-0x00000000001F0000-0x0000000000238000-memory.dmp

Filesize
288KB

Download
memory/1704-2-0x000007FEF5193000-0x000007FEF5194000-memory.dmp

Filesize
4KB

Download