Resubmissions

12-08-2024 22:05

240812-1zzjkssgll 10

12-08-2024 22:02

240812-1x4qhssfkm 6

Analysis

  • max time kernel
    316s
  • max time network
    1592s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    12-08-2024 22:05

General

  • Target

    https://github.com/chronosmiki/RANSOMWARE-WANNACRY-2.0/blob/master/Ransomware.WannaCry.zip

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 3 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://github.com/chronosmiki/RANSOMWARE-WANNACRY-2.0/blob/master/Ransomware.WannaCry.zip"
    1⤵
      PID:3080
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Suspicious use of NtCreateProcessExOtherParentProcess
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:296
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2252
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4644
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3604
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2740
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:5048

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P0YCEOVA\code-34406d39e629[1].css
      Filesize: 31KB
      MD5: ee14556fc6c8c5e35d7acf63edb7c840
      SHA1: 6e106d8fb2bcdbf90a553b2db5ad3faf8b5b1d35
      SHA256: e98b22b626274eb24481f138c7aed6681b3ade70d4427bc0cb05ceccd9ef4a61
      SHA512: 34406d39e629a65f5162757c5142f9b02149d2d18caedf15a528315a5dddccc86f3445c852f7e42a2979004b3c07ffe62c1b0c13cf5b60f6b8a06e5836027b67

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC99F8DF58D663F03.TMP
      Filesize: 16KB
      MD5: 9c8f13140d7635c54af02b234e367d59
      SHA1: 61e09fc75f189ed9bc8f0b5ad8fcc89f731ef0c2
      SHA256: 0f618e2910e3e745a8b03d00d63f4adf4c6ae6f3a17666cc4274b11c71ad07fb
      SHA512: ecefe1d9d86002ebb6ed871d387f80aea5204f8f57884da0b38bf6cca8942d0bce8fdeb9b91f562929a657961ae3f8a3ec9a64c720360f5ca9868f169679baeb

    • memory/296-17-0x0000015003130000-0x0000015003140000-memory.dmp
      Filesize: 64KB

    • memory/296-35-0x0000015007300000-0x0000015007302000-memory.dmp
      Filesize: 8KB

    • memory/296-207-0x0000015007250000-0x0000015007251000-memory.dmp
      Filesize: 4KB

    • memory/296-203-0x0000015007320000-0x0000015007321000-memory.dmp
      Filesize: 4KB

    • memory/296-200-0x0000015007470000-0x0000015007472000-memory.dmp
      Filesize: 8KB

    • memory/296-0-0x0000015003020000-0x0000015003030000-memory.dmp
      Filesize: 64KB

    • memory/2740-53-0x000001C40D430000-0x000001C40D432000-memory.dmp
      Filesize: 8KB

    • memory/2740-69-0x000001C40E000000-0x000001C40E100000-memory.dmp
      Filesize: 1024KB

    • memory/2740-51-0x000001C40D410000-0x000001C40D412000-memory.dmp
      Filesize: 8KB

    • memory/2740-48-0x000001C40D3E0000-0x000001C40D3E2000-memory.dmp
      Filesize: 8KB

    • memory/3604-45-0x0000028FD2210000-0x0000028FD2310000-memory.dmp
      Filesize: 1024KB