General
Target: sample
Size: 501KB
Sample: 240827-wv4khstgne
MD5: d518765a80699b4497e0e7861fcba48e
SHA1: 43493b3108dbad6e0444294a2a654226dd456d01
SHA256: 3f2dd083f499b9d437af6db0a8d96a9b8a9e906e3905f583b6b24c0f8b06ec90
SHA512: 1fa6660df85d0be0e5d4336c8059e9b49cf671d7dd40b8520ba3a7161deccfe39b327a8aec0b63a5e2c55bb3d64a5c3c7fcbdee76fa4e4f910b0600a597e6ad0
SSDEEP: 6144:zA4lyylyElynlyulyVlyhlyjlyulyClyUP4a:zJlrlDl8lDl6lilOlzl9l5Px
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win11-20240802-en

Malware Config
Extracted
Path: C:\Users\Admin\Downloads\!Please Read Me!.txt
Family: wannacry
Wallet: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
Target: sample (501KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Deletes shadow copies (ransomware often targets backup files to inhibit system recovery)
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)