Extracted

• • Target

    2024-08-22_3145e01552c624ec11f6ba2013df3a47_wannacry

  • Size

    977KB

  • MD5

    3145e01552c624ec11f6ba2013df3a47

  • SHA1

    5d0e246da9867029deeb5176498a030b72b73cc3

  • SHA256

    acc2734b37126563bff38910f6cb644097d4dfc2db4f48bd0f21f9bf91c83509

  • SHA512

    4d9c01ae8ed5d237946467aa66b5a48db8198c4bd060487a83a4ddb4ba1209a56dd31c110ed0f6b4da94abe7e91ba1358eada097d5693cf360b993fe8d73a3ce

  • SSDEEP

    6144:REeJSMXXdWcIN52KRfN75gb17B2bQBHZJJchBRsZVhr99UwQ9c:RXJSMXXdWCKRl9gb17IbQJ2bSUte

  Score

  10^/10

  chaosevasionransomware

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2