Resubmissions

06-07-2024 22:02

240706-1x4eratgrl 7

06-07-2024 19:00

240706-xnn2xssgpc 10

General

  • Target

    processlassosetup64.exe

  • Size

    2.5MB

  • Sample

    240706-xnn2xssgpc

  • MD5

    079d9a59d53120f4835d58728a8a1614

  • SHA1

    8deb42134fe9d06e91c36ae196b0448c1ddc5e80

  • SHA256

    257f8251ab61b944b75deafc681030a20b6dd5ae03b8540d8f482a6c291efb96

  • SHA512

    cb572655f3a7b2c8767b9813b45e1ab8b76d16f6e7b29b922b0ea756091fc55663c4bcc935a71854e1049713bb51b3bc5c73827a3885bbe7ac0f84ef0303a14d

  • SSDEEP

    49152:K6+yyE+nj/76iNaWWHLjbZx8RI3DMl949upGnH/FrjWdTlxUZRS:Khj/76esbZDDMoApyfFrjkfiS

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)

Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.

* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

    • Target

      processlassosetup64.exe

    • Size

      2.5MB

    • MD5

      079d9a59d53120f4835d58728a8a1614

    • SHA1

      8deb42134fe9d06e91c36ae196b0448c1ddc5e80

    • SHA256

      257f8251ab61b944b75deafc681030a20b6dd5ae03b8540d8f482a6c291efb96

    • SHA512

      cb572655f3a7b2c8767b9813b45e1ab8b76d16f6e7b29b922b0ea756091fc55663c4bcc935a71854e1049713bb51b3bc5c73827a3885bbe7ac0f84ef0303a14d

    • SSDEEP

      49152:K6+yyE+nj/76iNaWWHLjbZx8RI3DMl949upGnH/FrjWdTlxUZRS:Khj/76esbZDDMoApyfFrjkfiS

    Score
    4/10
    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      24KB

    • MD5

      640bff73a5f8e37b202d911e4749b2e9

    • SHA1

      9588dd7561ab7de3bca392b084bec91f3521c879

    • SHA256

      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    • SHA512

      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    • SSDEEP

      384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    • Target

      CPUEater.exe

    • Size

      484KB

    • MD5

      b17fa00ea5eaa6514418d1f5a658e8d4

    • SHA1

      0dfe164e40916d937e031122530cfc870ebb17c7

    • SHA256

      2d90fa5a9db0213390d4f864a462ec5c006caf03ea55096bdc5cf46ccf8f6c54

    • SHA512

      440a8e6009dc69deca15431c9b4d1f8a2370a6891337362180b4aa8aa382060afa900d58504a52ed85d06c2e5dbd1fe4d95ae119c83141f7726d6b1c19ab5393

    • SSDEEP

      6144:dJWlpafqCDll1Ik4k5w/Fj/l4lvjlkdQvtIBK5UDEeBxhbYCp:dNfqi1d4k5OFjajlXtiK5UVUCp

    Score
    1/10
    • Target

      Insights.exe

    • Size

      750KB

    • MD5

      412e905b54abd1e14ed03ce19d090e70

    • SHA1

      0808d564ba46022b6bdc5457838d1b17859831f7

    • SHA256

      55418f5693c9a5d3e28508b39bac660eaab178065ba6789298e1fd8002095a31

    • SHA512

      eac32d75bb94d76433050973dba949cf7a1fe99786ba2854ee063cd750ddae424a51c7817c256c6b0c1d38f43f58dd0a382d4513ba99dca7fd50248bb356d84e

    • SSDEEP

      6144:vEKsfeywcV9FOSZGItAOvd0UWI3csjf+pgxLyN6yr05/E9g0l873rYO+g7WGKV:NsfeRiOSZXtAOvd0m3+p8Ly16/sYKGK

    Score
    1/10
    • Target

      InstallHelper.exe

    • Size

      764KB

    • MD5

      92abdca748e47cb140160230b54c5a9f

    • SHA1

      9f650c394477c26e9679c928e9292aff491bc460

    • SHA256

      692f402c7f1cd5db5f6e7074e5068e32ca3686bfb6e4896984187230b4291238

    • SHA512

      1868d4b55415c790bc7bc0ae9f85b9892056fe049d9b32b7f14f468aab1169091e15e88d1e808f9ca4e2e545ecf9b3a32ac34de7535ca3a6797adb72f7b5fac5

    • SSDEEP

      12288:OnKSfbJSYCQsHi2+NgaxZfWuzJxfeQXXbSKGhT:kKMwYCQsHi2EgaxZfWuzPfXbshT

    Score
    1/10
    • Target

      LogViewer.exe

    • Size

      857KB

    • MD5

      96a1a75a99f6404a7a628d444576d6bd

    • SHA1

      1ef87d5de857f9ce9e6e9f49292c9743921e1afb

    • SHA256

      ec49086cc18cc388ff7e5717e7f6db35e13f9cbf47e3babe43f3082f2d7e34df

    • SHA512

      c41631b30d6d40b48cad93c9299805c621d0e94f2a106baf11ed7312b9c76dc8a093ccf0fd5a6c837c5e072bec6624870671f09a3a87992ba3f9400c353184b4

    • SSDEEP

      6144:T3iuBkOY8B59ASUsJHj1HMFdtX/jy+/6WOhVTgvBZOB6csuAPjNqXXB6uAPUFBmh:TnAQ16/jy+/ogZ4B2u1XB67PV38O9F

    Score
    1/10
    • Target

      ProcessGovernor.exe

    • Size

      1.2MB

    • MD5

      cfdfe7f0dcfa090e86aec3eac408cb2c

    • SHA1

      58f6aa0cb957c8a93ecbf379313100dfbaf638e9

    • SHA256

      4ef5b4b9664c3ec9a7a8985885322de657275c4a4ce45a2eef3a8f745175b7f1

    • SHA512

      5cac13777d64773acced61b46ef19fb0e4143849423d53a5d2d8a34d098c735121d6268881d8bbae86e600e4365d93c863f396a90cc52c03e4e238951adbbaff

    • SSDEEP

      24576:hrtwU1qjJ4sVOH+RlpX7XQXqNACJa9Qf9s3UY+1:TwUkS4KaNLJa9QkL+

    Score
    1/10
    • Target

      ProcessLasso.exe

    • Size

      1.8MB

    • MD5

      8fcf7cf04f9b344724759ee830e97ff7

    • SHA1

      7e89c71637362333246cb6f7b30f34a2b7693407

    • SHA256

      449c423ae1a63259989c85176dcc808f767346944eb40eac270ce27795abc1c2

    • SHA512

      3acc527ac9014db980d4c511fd416e32d627f616eb09559a2c3b0cb038a86eee6adf526488053fd09e34ba66fec6109bc534178e4371147d1b23f29803668759

    • SSDEEP

      24576:2XGXE/+1qw6stdHLyjToAdB4/5OH+5yU+yMj0lPj1VFLsPkUdKpVA7KykjgxDyQ3:kB+dHLcToMB4cUDHDVFAPkJVtNRi

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

    • Legitimate hosting services abused for malware hosting/C2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      ProcessLassoLauncher.exe

    • Size

      397KB

    • MD5

      ffba9b08c6fb3394e03b57f2fb4cec9a

    • SHA1

      21dfe7d8910159b769c248e56770a1dca9810b8c

    • SHA256

      9048d95e30d8ebe36b248da25ac9df5104c231ec3b0ae83a72ac31b513c13061

    • SHA512

      34fa80088b06566c660b19b4c1bbfcbce3dfbb50485bd9ede097577a2309c4f41afa5086541a87b25bda8b2e745336c135363b615782b84911334c959e921614

    • SSDEEP

      3072:c1hBjA8ZOHWQ97VpEwYNY/SzoDlArk7HoZ7WK7Tl/x:ghhA8IHW2VWIAr7WGp

    Score
    5/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      QuickUpgrade.exe

    • Size

      470KB

    • MD5

      7ee9df8c8bcae05df1ca4f163fe1d8ad

    • SHA1

      8afb7a02451c7275d5c83c9adda12670980dae87

    • SHA256

      929b5910c1a2e4e595d7f2b7c7838317ae58671ca1fa38e2cc4144e093fe4afe

    • SHA512

      b149115c65a43fb709d06db2906164f90dda254d2a42f17b68b0bee14fdf3b1a56c03441b302fe7a62ba320d85bb023aaf16b2b590a9a40d611c5a9e64df99fa

    • SSDEEP

      3072:/MlF9kZSPyI9m1+rxy9dTDs/ZR1ctUA/86KF7HEyCwMQOrUsLVtPk7HoZ7WK7TRc:/Mlsi9u+ty9xElcyWK+EKfLP7WGo

    Score
    6/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ThreadRacer.exe

    • Size

      534KB

    • MD5

      82c9c82d4cba471d9610ea4e977eee81

    • SHA1

      d033dafe04cc925a577750b278a8c881d172a940

    • SHA256

      cff87ebe133039b67d9a4ba6c7f370da797d51ca16c29e50cd956859e35cad1e

    • SHA512

      dca44221326502242b7d31fc2c330568bb1f89b957c7913e9488f6ac28ddde56f14dd0c2e4ff88fdb03acfab8b19637807423da87d391e5c34e5455dad35a5e6

    • SSDEEP

      6144:5POn8YlNnaeidAdYHRVEpvpcANd7WGKq:5PVYzaeidDnEpBdKGKq

    Score
    1/10
    • Target

      TweakScheduler.exe

    • Size

      619KB

    • MD5

      899828fefc33dec645737ab418e66b73

    • SHA1

      25ded97d9bdcc76bc492121f7037607bb7880c3c

    • SHA256

      9716c3f7549196979af73d64c1587f45fcc7fe251de2a8efc5f69d818dd9a9c6

    • SHA512

      1c19fecbdde014d82c31f4d34fb641b5dcd5157f3b83e26da4afd318295f45cf66f2915e73deba95213fee95436a0424c0bad66ade7a1235035f1881504a2b1d

    • SSDEEP

      6144:ygvo9kk2z8iWNrJLMy7tIIpM/JZdbjKYop1qtWzUpNfV8OtxOVxaJ:292z8JfNNMxZdbjDofP8NCsJ

    Score
    1/10
    • Target

      bitsumsessionagent.exe

    • Size

      177KB

    • MD5

      829167f1f56b6ea1ca6aace9a89bf306

    • SHA1

      466e6793f17b18ca33691ee3f227051614dffd7b

    • SHA256

      f211d0772d13c5258af7ccef5cd7e815a1e40def91c799b061d1b17070694169

    • SHA512

      091486ec463da26dfc04f8ee79b0d7ef5ebdfbe0876723716fcf9f64a620ba0d38461b585e33dffece98966eb10764efeaddf3d452792f787467ae2b7afb6f10

    • SSDEEP

      3072:fZqCWTn02jGqxokmkEYuhjj9GuUoSQzc8dEsjCNo2:hBWT02jKrYM9JBVFp2

    Score
    1/10
    • Target

      pl-update.cmd

    • Size

      40B

    • MD5

      cd60ccd708d428df44ca1d454ad0d68e

    • SHA1

      83e3fb9ef19c7d3faabc0b391f96803652fda425

    • SHA256

      ab965ed0402b4c474fe6c988afee9957c5494c687745114fc80d1fb70fb071bb

    • SHA512

      b400530473683de0f7cba3f206b38ba1a0a4d3156a06168c3db0391eb33be1cb6fa65e736c746067aac394d538fc35de8764c30978734bcf4e84392b3294c10c

    Score
    1/10
    • Target

      pl.cmd

    • Size

      77B

    • MD5

      aa54d58336d2565c369498d035737f8a

    • SHA1

      c6a8791264081a6f854b30ac11477bdd83a8cbee

    • SHA256

      9af8add66b2bb4a0252b65e0f13238055b601d689e8d29455d5b2c87f901fd7b

    • SHA512

      82d9eeab7cb95f012b55d531ba7af84546be650702f40ca294c74858eca5eadc0ed7a87bc65122df4093e483dffe1e04e306845871955b2dc4f5113f1cf34838

    Score
    7/10
    • Executes dropped EXE

    • Target

      plActivate.exe

    • Size

      213KB

    • MD5

      1eb0b536ac077d922323e557b36cf0bd

    • SHA1

      0ce0b947984f7c323ff85a0cb0a4540410f5493a

    • SHA256

      511b2a948a1baaca6f78853aaad2b2aa0300ccca292938bf3ba6f03082d87634

    • SHA512

      6219d8e60542f0eb4eaf41bc6ea37c616f9efe1caf1847ccff87d847ead93e44b329813b3c60e4984ec67bebb7e4b1f115e8d0161100e9e071374e9d6db6e586

    • SSDEEP

      3072:rrtT90sKY/6RJcZNqQSkQ1P+lS70ehdgzI1NyD77+Gp:rp3/6YZEQSzP+I+7f

    Score
    1/10
    • Target

      pl_rsrc_bulgarian.dll

    • Size

      1.9MB

    • MD5

      54b1cbf5711753f7e98f4c8c7df1fe3c

    • SHA1

      a18918c0cd189109cd552bc00428e85581df8ef6

    • SHA256

      92310264bb1bff39e1ab45f51aee709735b00d5bc94e5d32d725af1b8d2ec730

    • SHA512

      bf4e543b3c8217c74f7b7b955bbbea807bcfd135d32aa47e590374481b2aa8b6102ab15ca75093986b5df4860fa49c07332ec089181bb91792afe751b3655ca3

    • SSDEEP

      6144:7hlfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dykIjFC8fB4adLxp7WGCNE/Jt1icNEb:7hlfcHokeFzLXKGh4ZJe6cwTqREewb

    Score
    1/10
    • Target

      pl_rsrc_chinese.dll

    • Size

      1.8MB

    • MD5

      479cf4c42f6cf2a913207582a7324590

    • SHA1

      763dc335eb897241f3835ab858d797c0dc66d1eb

    • SHA256

      8e16f0412879df198780ed16259bec072fbc3a7b56c638ee0e51dda5779b882f

    • SHA512

      ee1b7c42e48930645b63ef6db6c88c5525d46c9bc8b7c3fa2b9bb33ef601321da4c86d37013692a0ec4bffec7b4cae656571669ddeede26a67f8e7ce4305f986

    • SSDEEP

      12288:RfcHo3WFzLXKGh4ZJe6cwTqREews02o8Q7:RfcHoUhUHTh157

    Score
    1/10
    • Target

      pl_rsrc_chinese_traditional.dll

    • Size

      1.8MB

    • MD5

      3078a2096aaddd64c1fc166e2b0bfeb2

    • SHA1

      ba97a7e630da47a91390baf770f2861eec350a4b

    • SHA256

      30218ec5af253c898b58f4a299820598d022722a9c296ca68aa81046a73c53a9

    • SHA512

      e80c53ec99aa6fef4610f0a2d87a171a9e028267fd0984b82f92282074fb34b5496307896f3d7db17c468906e27c46c7ad754d3477d8722704249b3f3d069755

    • SSDEEP

      12288:fRfcHoANr9FzLXKGh4ZJe6cwTqREewClp:JfcHogdhUHTh14

    Score
    1/10
    • Target

      pl_rsrc_english.dll

    • Size

      1.9MB

    • MD5

      258063bdcafc8fd2a2a50d9065989ad6

    • SHA1

      ee1bebd8c909d8ebe3b5b6f155c68fc7e6696e31

    • SHA256

      01b75b825eef6092db03156d3e87342a875bfd355a6cf8d9a87365f4c5fda85f

    • SHA512

      b0732da44481e09f38e903fab2bf81447bf661d785631ab2b7421a89b80ef2db38203d85dbea5535c5bb09e8550a2ca737db6c86eac372515ebdf803a59cb5ca

    • SSDEEP

      6144:DJfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dyRNVMjFC8fB4adLxp7WGCNE/Jt1icNQ:tfcHox6FzLXKGh4ZJe6cwTqREewdc

    Score
    1/10
    • Target

      pl_rsrc_finnish.dll

    • Size

      1.9MB

    • MD5

      bbb02f80b8c1addefd3d616b7d7f2c30

    • SHA1

      adb3c60f8a756f75475e18014f7a39c0a96c54da

    • SHA256

      88cc70afb11ca5ed59dfc85774de6c033882dbcee7b1c40aeae3d4969c5f3c66

    • SHA512

      21ddac73017be470083fec600356904ab36d1e17a1208f1e0e9afecbad650b7038eef7cdb41eb58d5017e7b555462e11c6b819f1ac173b4437a1a214954a9fc0

    • SSDEEP

      6144:ZlPfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dyb0jFC8fB4adLxp7WGCNE/Jt1icNEX:bPfcHobiFzLXKGh4ZJe6cwTqREewX

    Score
    1/10
    • Target

      pl_rsrc_french.dll

    • Size

      1.9MB

    • MD5

      306685beec9c359ee1c05402894d6bcb

    • SHA1

      06545b2b45775b8ec33240d6dcb93a49e62a7aab

    • SHA256

      ff2900d58680494449eb599fb7a28c30933553ae33062a705d6922594956ebfb

    • SHA512

      9dafae395c4bb8396a23d7100b8883226417a9c250c96407028faad3fc02bfcaf458d269d1a3c7a7ff73e5f088645d2c34b899a0d6aab25d6dea78516e1c2146

    • SSDEEP

      6144:42cfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dyB3jFC8fB4adLxp7WGCNE/Jt1icNEZ:NcfcHoBTFzLXKGh4ZJe6cwTqREewwBg

    • Target

      pl_rsrc_german.dll

    • Size

      2.0MB

    • MD5

      fc95040ae013e5fe5ab6e622398aef30

    • SHA1

      0aa420e6d8bfc7b630dec36c36275bae515296c8

    • SHA256

      a22a0cb3540ce6e6f61534b635ace02155391744378438bbd2a0979efbb16386

    • SHA512

      ed52865c7609df083ea752b83e00d48ab9ba01e4774c2e9639ec476c0195b529a2b3eee1d9bd5524a5ac1e86e522ddf82e02c8512e741dabc5f1c66b5bd5ee5e

    • SSDEEP

      12288:9EfcHoyhFzLXKGh4ZJe6cwTqREewHv/Y55:9EfcHoehUHTh1oP

    Score
    1/10
    • Target

      pl_rsrc_italian.dll

    • Size

      1.9MB

    • MD5

      450e517f56e8066abf10f9510f8c492c

    • SHA1

      568e40261a454b0705ccb492090f1b50f303065b

    • SHA256

      f6cffe8beee8602bfa6bd6f3853f87f803578fcfff207dbc2ceff806da5cc455

    • SHA512

      44f7d736b6e8e43fdd426641919ac6d7dd174afd217e9eb78aff182fa3642473a57e7f0af92fc340f00fdfd53f90fe6d50c48bb40eeb3280e9556a804fe685f4

    • SSDEEP

      6144:NWfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dyhz91jFC8fB4adLxp7WGCNE/Jt1icNU:sfcHoh/FzLXKGh4ZJe6cwTqREewUu3

    Score
    1/10
    • Target

      pl_rsrc_japanese.dll

    • Size

      1.8MB

    • MD5

      8405c86ae96856980df96b614cbeacaf

    • SHA1

      0b08955ecf137d735b7b095ed0eaf3aa3810a2a3

    • SHA256

      7c2d4f13d161493dcbdf83d2bf14f95079b2ffaf85c688a315ab88ad409b4d48

    • SHA512

      e4294e4f8115773c272178aa7fe809471f618be28590bb62014ff08ae46ce4a123393fb80a2c7a62f1bda3e80026afba03528f3bf5e9220c89ce4fec67b9f985

    • SSDEEP

      12288:/fcHodAFzLXKGh4ZJe6cwTqREewX7nsOMfzo:/fcHoohUHTh1hIc

    Score
    1/10
    • Target

      pl_rsrc_korean.dll

    • Size

      1.8MB

    • MD5

      8a0cac4fc1e6157a32f1dcf8309a76b2

    • SHA1

      8c2760d0685fa8806701b89082e741912a6aab42

    • SHA256

      d901771dbb27ddcc95a9121598e1f3737a2c37769be9d7ac598e2fc8c6ac7c7d

    • SHA512

      96e283c4329b0462bb4bda88cc068421b4e14260270ef372ec8a81be4da9eb78993f157f19d84484e0e6e06b69deb2bdb06d9f436135e30c7ae3cdfb22c9d625

    • SSDEEP

      12288:ofcHo+ms8SFzLXKGh4ZJe6cwTqREew3qds9Fwtg:ofcHoPs8QhUHTh13qS9Ktg

    Score
    1/10
    • Target

      pl_rsrc_polish.dll

    • Size

      1.9MB

    • MD5

      a0ba2b23104114bc305187d6761c2159

    • SHA1

      b523ac686f1e4fe6ff60ddef75366e3d5de5e2c3

    • SHA256

      2e3bcfe9c479e34667f73cf8abf5f194bdc472c65c4730bbb599a1ebca82a2c6

    • SHA512

      f836f222402fa20b732d5c1491cd117798eba2473a2a6a8574ab9d47a0a05a5e4a256674a3a04d1cd411ca3ec29485fa0d02c3b5779016150980d23e5d7b8fb4

    • SSDEEP

      6144:5Z1fFa9MmhuV2FFdq7qFrwnim0gsZEeV3dyE6jFC8fB4adLxp7WGCNE/Jt1icNE3:dfcHoEAFzLXKGh4ZJe6cwTqREew3

    Score
    1/10
    • Target

      pl_rsrc_ptbr.dll

    • Size

      2.0MB

    • MD5

      19deb1133a267cdffdbe794b31d0c319

    • SHA1

      4f3a28909f46f0a88c1470b9485f57f29aab08a3

    • SHA256

      1b4fd3d258da96209969cd30707a19d881a9ceda3692d42da96ecf8d35ffede4

    • SHA512

      1d7fffda92de02cca79ae0ca906681a965f40163fc093196a179b82394a99a12c3346a9f8381770ab01e3b12e7255c5903cfc2cd40ef5f402809bd678bcb5265

    • SSDEEP

      6144:MFfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dy8ojFC8fB4adLxp7WGCNE/Jt1icNE/X:6fcHo8+FzLXKGh4ZJe6cwTqREew6

    Score
    1/10
    • Target

      pl_rsrc_russian.dll

    • Size

      1.9MB

    • MD5

      0b3028c9390588dd5589c5d41e287484

    • SHA1

      4aa02537c9a447f49815c541e19607388eaf292b

    • SHA256

      bf32d38ebc3e584c6df5d8814784738b2258fb85009cf2499e512ab5de8895ba

    • SHA512

      92271ae1d452192157f35d8e490eddd278c6aef68db5e34e2e56b80b15b769befd87ea859e039ba2c008fc5e94ba332584d19e597beae222ffd2196a27727879

    • SSDEEP

      6144:+befFa9MmhuV2FFdq7qFrwnim0gsZEeV3dyKIjFC8fB4adLxp7WGCNE/Jt1icNE2:TfcHoKeFzLXKGh4ZJe6cwTqREewFw

    Score
    1/10
    • Target

      pl_rsrc_slovenian.dll

    • Size

      1.9MB

    • MD5

      936e1ed63cf9b2630431e519a425be10

    • SHA1

      52160ae9a432f67c0be943fa2473f065bd272fbc

    • SHA256

      9b7220da16ee0bf2df02bceb72de27d42b78427e552412a352958dab8143b8f4

    • SHA512

      58131831b5803c4cc46494f9b15b46edcd862bfa35c553f9627709e631a731650cb8f7eed45aa0cf64a144915dba829f91b6af29035024a35b515b690ae90191

    • SSDEEP

      12288:znfcHoWmFzLXKGh4ZJe6cwTqREewNXGAt:znfcHozhUHTh1NXGI

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
4/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

discovery evasion persistence privilege_escalation themida trojan
Score
9/10

behavioral11

Score
5/10

behavioral12

Score
6/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
7/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

wannacry defense_evasion discovery execution impact persistence ransomware worm
Score
10/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10