Extracted

• • Target

    6cf41e72620cafb1577415d626dbb66c8c796d7167164ca091a27c4273378a20.exe

  • Size

    3.4MB

  • MD5

    c98e7230adb1ba8d2f2082ca885068bb

  • SHA1

    523a6fdf84bc1b0eec54d9532b3dbe564f29af38

  • SHA256

    6cf41e72620cafb1577415d626dbb66c8c796d7167164ca091a27c4273378a20

  • SHA512

    fd20a85e28ca7e4db3015299ce2b047c7868978ca98e170f3251b831b70214f6b4466b2e324edd9e5df33672d918be68929c975838dde8e877c94ea60d57c641

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:QqPe1Cxcxk3ZAEUadzR8yc4g

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2