Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-07-2024 12:54

General

  • Target

    2024-07-23_3c605f2e9af22601b6dec4daa2c95fc0_wannacry.exe

  • Size

    5.0MB

  • MD5

    3c605f2e9af22601b6dec4daa2c95fc0

  • SHA1

    54fa86b01803db3cbe588a5f3be19773256fe518

  • SHA256

    65ffed1aa8fe44b4261f214de32f74e853d43d1b9ca425182ae0193ea5d29a9d

  • SHA512

    e96217a27b25e534f733db84098644fa736a93d54de72a1d76a73f29960be77ac657f7989b4b8bdd40437b5f9072070e518f9487ba78fe4510ec68c361b1ce69

  • SSDEEP

    6144:eE9l9ynRIYVTH5DgSgNajldktM0XXrO2/HJKyrYev3AiiVjAqZfAgbJ3iqMgAyY:e1bLgmlu//dhAvVLJAmd3A

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3229) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 2 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-23_3c605f2e9af22601b6dec4daa2c95fc0_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-23_3c605f2e9af22601b6dec4daa2c95fc0_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:4964
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        3⤵
        • Program crash
        PID:3968
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 260
        3⤵
        • Program crash
        PID:4888
  • C:\Users\Admin\AppData\Local\Temp\2024-07-23_3c605f2e9af22601b6dec4daa2c95fc0_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-07-23_3c605f2e9af22601b6dec4daa2c95fc0_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4964 -ip 4964
    1⤵
      PID:1216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4964 -ip 4964
      1⤵
        PID:4564

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    2.0MB

    MD5

    250ff99090260532ff0acf9da52e8602

    SHA1

    f51193260ef8396caf576c432ddaece649928a6b

    SHA256

    faeebe09f45e15faf27a262ef3780feed5b4c3e885cad37742635fd490d74109

    SHA512

    be5fefd2744a2277b6ac1a24899e6112775e0e48fd7d7868032a7984bb84cbafdb9e628682e21650a5521ba1168ca3686079842b83e2a946f41b47e8dae2b475