General
-
Target
734239800103
-
Size
15KB
-
Sample
240822-lwqpyazglb
-
MD5
44bdbe9e6b58a5012c2a364de1a3cc04
-
SHA1
f9839b61cb9b497bc3693e2b113f84545d71f097
-
SHA256
51f0b0c42a937dce1113976a1a4b8c8708da0dfd8793d1575296e3db41f239cb
-
SHA512
f3045dbeced02a8ef68456a822a8c37f01f9e453818f07457ac77f6e0dfe2e342c3983d041d92784c84a316d10bd6c45c3230128fed54e4bd5f0e2e7173860c0
-
SSDEEP
192:PNxyShvK9moqTJkNrv23uJJayEXmPhrD+4F4Pum3fm6sVxC+oFj49KFYynN:yShi9boJkNz3JJPAGGO6sC+oiSPN
Static task
static1
Behavioral task
behavioral1
Sample
734239800103.html
Resource
win10-20240404-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access: 1
File and Directory Permissions Modification: 2
Windows File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Indicator Removal: 2
File Deletion: 2
Modify Registry: 2