Extracted

• • Target

    master

  • Size

    331KB

  • MD5

    56e237b2a1dd68df3fc2bde6ac7b258c

  • SHA1

    a6b9b597c2182c4afd10627d5cc548eb79ad9259

  • SHA256

    537cb83cf6e1535bc94731a404ea1f55c06ca0eba3c2adcf8b5817837ac7a420

  • SHA512

    3f6d7950e74e6148f9cb1f74ffe22f51f5c65faf9caf7ab4c2a430e3327de3e13763fe504715d9abfc695f51e62b6c39c64bf8e4cc4e131e03d3786ada0a06a4

  • SSDEEP

    6144:ZBora3uokeOvHS1d1+sNs8wbiWQr94vZJT3CqbMrhryf65NRPaCieMjAkvCJv1Vy:bora3uokeOvHS1d1+sNs8wbiWQr94vZV

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwareworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1