Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system -
submitted
09-08-2024 13:23
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
-
Size
8.0MB
-
MD5
1a5d4cb874f56fe6a97939192d411b8e
-
SHA1
3ef1ef5f95311642729260a8943770d2818bee74
-
SHA256
0f9228939702a12e0c07215383c63734eac714eb32182be2e230eec80c8cfe7d
-
SHA512
1ec3765dea6663d7a3b1e4d45066c8453d930f21ffa057a6123ecf7cd037e5bf3f65b46a74e7cc2f399b34b4e4ce74f68e22cc1262977acaffee3c1bdfac8884
-
SSDEEP
49152:U0qALES64w1sbfMZuZR30hlhbFv6yELWTKZKy/KniB/:5bd3kbFSkOZK9i
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Renames multiple (860) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 64 IoCs
-
Manipulates Digital Signatures 2 IoCs
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll | 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
File opened for modification | C:\Windows\SysWOW64\wintrust.dll | 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 33 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\WinSxS\amd64_microsoft-windows-hnetcfgclient_31bf3856ad364e35_10.0.19041.746_none_6f54def0ad102687\HNetCfgClient.dll 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File opened for modification C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_sr-..-rs_36708095397b6683\comctl32.dll.mui 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File created C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_10.0.19041.746_none_af27db7894cefc18.manifest.WNCRYT 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File opened for modification C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_da-dk_882f8e141ce6a40d.cdf-ms 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File created C:\Windows\WinSxS\wow64_microsoft.powershel..resources.resources_31bf3856ad364e35_10.0.19041.1_de-de_99209f2d930701cb\MSFT_WindowsOptionalFeature.schema.mfl.WNCRYT 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File created C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-v..-onecore-deployment_31bf3856ad364e35_10.0.19041.1_none_6063c88678103a0c.manifest.WNCRYT 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File opened for modification C:\Windows\WinSxS\Manifests\msil_microsoft.powershel..flow.host.resources_31bf3856ad364e35_10.0.19041.1_en-us_faf30b6e50f68966.manifest 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File created C:\Windows\WinSxS\Manifests\msil_system.core.resources_b77a5c561934e089_10.0.19041.1_it-it_7a174e05fe2a7c8d.manifest.WNCRYT 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c1ce944867228e7d\BWContextHandler.dll.mui 2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-09_1a5d4cb874f56fe6a97939192d411b8e_wannacry.exe"
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Windows directory
PID:3628
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
283B
-
MD5
d865ce638145bee04043d3dba81ded8b
-
SHA1
5ccde3062771f95817b17f19e7f7c56ef7efc179
-
SHA256
0d11b5a0b3367beaee54bcd6d0704eca3313a4e971bab817703a69ad29e26e06
-
SHA512
147192e77e3af18754f421d0cc5c872ed88da71ea0ed1f455f7b9192742fadb3eb8526cf86542d26e9975fad1244c70d807128dac6583ae41f751feb1c1c4896