General
-
Target
WannaCry-main.zip
-
Size
3.3MB
-
Sample
240710-xjhpcawhjb
-
MD5
3c7861d067e5409eae5c08fd28a5bea2
-
SHA1
44e4b61278544a6a7b8094a0615d3339a8e75259
-
SHA256
07ecdced8cf2436c0bc886ee1e49ee4b8880a228aa173220103f35c535305635
-
SHA512
c2968e30212707acf8a146b25bb29c9f5d779792df88582b03431a0034dc82599f58d61fc9494324cc06873e5943f8c29bffd0272ca682d13c0bb10482d79fc5
-
SSDEEP
98304:yvB7TUkt1NCLt2SUlW/6GQkBhLp0ClD/5vVayInJOo3s:yvjNct2TW/rQk6CN1VayQUoc
Static task
static1
Behavioral task
behavioral1
Sample
WannaCry-main/WannaCry.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
WannaCry-main/WannaCry.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
WannaCry-main/WannaCry.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral4
Sample
WannaCry-main/WannaCry.exe
Resource
win11-20240709-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Extracted
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
WannaCry-main/WannaCry.EXE
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1Windows Management Instrumentation
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1