General
-
Target
hel.txt
-
Size
119B
-
Sample
240803-t4b6hstdkb
-
MD5
508c8862355296708a0423012dad2351
-
SHA1
22c718de051d572d55e22b83c478cf39b563d4c4
-
SHA256
0222cc61c820439a567eea5723d3e3a4395a0d5be62db28f79c7ff5af4383eb1
-
SHA512
bf0b34c1358f51907fd9208a8ec51900101f7de80ff1485e88625f25f248f7096c86efe2a4d12cb71644c86830620019a8af624811c2e31abda49a1a047002b8
Malware Config
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
hel.txt
-
Size
119B
-
MD5
508c8862355296708a0423012dad2351
-
SHA1
22c718de051d572d55e22b83c478cf39b563d4c4
-
SHA256
0222cc61c820439a567eea5723d3e3a4395a0d5be62db28f79c7ff5af4383eb1
-
SHA512
bf0b34c1358f51907fd9208a8ec51900101f7de80ff1485e88625f25f248f7096c86efe2a4d12cb71644c86830620019a8af624811c2e31abda49a1a047002b8
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
3