Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07-08-2024 09:06
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe
-
Size
3.6MB
-
MD5
9bfc22c930109a4dcafbe8a7934b9a32
-
SHA1
7b9390dce68cb9e9cfb2d36b6c3a61ab333bfa21
-
SHA256
1ecbcbe36b847b300a66090b2c006db1018c5464892fb4d816fcead37f57b529
-
SHA512
60f770dcc12c9c42b2da6400e66707c1acedfbc40a039969d28e724d798fdf0b707f06dbd58be4517e28eb0d1c70e4596d46ef9fd96b316d5bc79c5daa2e6a63
-
SSDEEP
49152:VnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvDI:Z8qPoBhz1aRxcSUDk36SAEdhvDI
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3376) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
pid Process 4108 tasksche.exe -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\WINDOWS\tasksche.exe 2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3768 -
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
PID:4108
-
-
C:\Users\Admin\AppData\Local\Temp\2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2024-08-07_9bfc22c930109a4dcafbe8a7934b9a32_wannacry.exe -m security1⤵
- System Location Discovery: System Language Discovery
PID:3352
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD50ae301aecd98228b95f1a6fe722dd16d
SHA12c2a93fcf39595ed9731e30cce93eac5d47b22d0
SHA25660e82c3eb61c15e6e88c23e08e5476e67aa8c0385a04d3748d2cba02de931c1c
SHA5122571b1d004c2171e6e9248080c760d9e45229025ee7d633ca7fc50e40cbc6d7bc0da5a255e890d7e2f5de311167f0578c9467ff7505df773e0f558e4527ceccd