chaos | 79cc769744baf78a6d4524b3de7b25e3935c8d2009beea1e4b8c7b73a0eb19ab | Triage

Submit
Reports

Overview

overview

Static

static

2024-08-22...ry.exe

windows7-x64

2024-08-22...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-08-22_1dc0db4651651bf3729eb659557dad1a_wannacry
Size

242KB
Sample

240822-w1pnjs1dja
MD5

1dc0db4651651bf3729eb659557dad1a
SHA1

d1d6132278b81fd6f5b89647aa229552afc5b074
SHA256

79cc769744baf78a6d4524b3de7b25e3935c8d2009beea1e4b8c7b73a0eb19ab
SHA512

ed220ceb77fbea9ecab9642a122c2dc34ccfd95642e55e9768e28983a0c68252251a5e36c6720c4055bd09818a5b0ca4911be7ac8c6338f56639597e8237f73a
SSDEEP

6144:CDpWZJJchBRsZVtZc9eZBp1EvtxFzASUEEa2Xs3T:CVk2bELZBp1EvBzNUEEa2Xs3

Score

10^/10

chaos evasion ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-08-22_1dc0db4651651bf3729eb659557dad1a_wannacry.exe

Resource

win7-20240704-en

chaos evasion ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-08-22_1dc0db4651651bf3729eb659557dad1a_wannacry.exe

Resource

win10v2004-20240802-en

chaos evasion ransomware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-08-22_1dc0db4651651bf3729eb659557dad1a_wannacry
- Size
  
  242KB
- MD5
  
  1dc0db4651651bf3729eb659557dad1a
- SHA1
  
  d1d6132278b81fd6f5b89647aa229552afc5b074
- SHA256
  
  79cc769744baf78a6d4524b3de7b25e3935c8d2009beea1e4b8c7b73a0eb19ab
- SHA512
  
  ed220ceb77fbea9ecab9642a122c2dc34ccfd95642e55e9768e28983a0c68252251a5e36c6720c4055bd09818a5b0ca4911be7ac8c6338f56639597e8237f73a
- SSDEEP
  
  6144:CDpWZJJchBRsZVtZc9eZBp1EvtxFzASUEEa2Xs3T:CVk2bELZBp1EvBzNUEEa2Xs3
Score

10^/10

chaos evasion ransomware
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chaosevasionransomware

behavioral2

chaosevasionransomware

© 2018-2025

Terms | Privacy