Static task
static1
Behavioral task
behavioral1
Sample
2024-08-30_eb78a7bd3200e1635ba307856f32745f_lockbit_wannacry.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-08-30_eb78a7bd3200e1635ba307856f32745f_lockbit_wannacry.exe
Resource
win10v2004-20240802-en
General
Target
2024-08-30_eb78a7bd3200e1635ba307856f32745f_lockbit_wannacry
Size
146KB
MD5
eb78a7bd3200e1635ba307856f32745f
SHA1
1e22294cd479bb23fe43c1573cd9d263f1f6d2fa
SHA256
113fc9865d0231fff4a2863a249bb3d74166717391ea2a862d1f9d7cfca56e60
SHA512
262c3fabd6967a4b17b0ad52c9edefdd34752836dc8903d9d2758ef3d68e4321d5d4c2cb3ef41c31de40cbe97ba10d74b438ba0860a77fcefb09d4b1b3a0a3f5
SSDEEP
3072:V6ZkRGjkBrmKmY99UpkD1/34bIpVSrtLmqc2LVMMqqD/h2LuTeONA5tIHVc:IS9rLPPUpa3VVEtLXcCqqD/hOQnaMc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-08-30_eb78a7bd3200e1635ba307856f32745f_lockbit_wannacry
Files
2024-08-30_eb78a7bd3200e1635ba307856f32745f_lockbit_wannacry.exe windows:5 windows x86 arch:x86
e9f710b579880d1b6ff748176eb620f1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetApiBufferFree
NetShareEnum
iphlpapi
GetAdaptersInfo
ws2_32
WSAGetLastError
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
ioctlsocket
crypt32
CryptBinaryToStringA
gdiplus
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipDeleteStringFormat
GdipGetImageGraphicsContext
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipCloneBrush
GdipDrawString
GdipFree
GdipDeleteBrush
GdipAlloc
GdipDisposeImage
GdipCreateLineBrushFromRect
GdipSetStringFormatLineAlign
GdipCreateFont
GdiplusStartup
GdipGetGenericFontFamilySansSerif
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetImageEncoders
GdipFillRectangle
GdipCreateFontFamilyFromName
shlwapi
PathAddBackslashW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveExtensionA
StrFormatByteSize64A
PathRemoveFileSpecW
mpr
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetAddConnection2W
ntdll
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
NtClose
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
NtSetInformationProcess
RtlCreateAcl
NtWaitForSingleObject
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtCreateIoCompletion
NtRemoveIoCompletion
NtQueryInformationFile
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock
msvcrt
malloc
calloc
free
kernel32
GetLocalTime
GetProcAddress
SetThreadUILanguage
GetConsoleMode
GetWindowsDirectoryW
GetCurrentProcess
GlobalFree
GlobalAlloc
ReadFile
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetModuleHandleA
SetProcessShutdownParameters
SetConsoleMode
WriteFile
GetConsoleWindow
SetConsoleTitleA
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
GetVersion
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
GetUserDefaultUILanguage
TerminateProcess
GetSystemDefaultUILanguage
Process32First
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
Sleep
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
SetFileAttributesW
ExitThread
GetFileAttributesW
CreateFileW
FindClose
SetConsoleTextAttribute
WaitForMultipleObjects
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
SetConsoleCtrlHandler
user32
wsprintfW
GetMessageW
GetSystemMenu
SystemParametersInfoW
DeleteMenu
wsprintfA
CharUpperA
SetWindowLongA
PeekMessageW
GetWindowLongA
wvsprintfA
RegisterHotKey
FlashWindow
SetLayeredWindowAttributes
EnableMenuItem
MessageBoxA
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
CharLowerBuffW
advapi32
CloseServiceHandle
RegQueryValueExW
RegDeleteValueW
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegQueryValueExA
OpenProcessToken
DuplicateToken
OpenThreadToken
GetTokenInformation
SetSecurityInfo
RegOpenKeyA
RegCloseKey
GetSecurityInfo
EnumDependentServicesA
SetThreadToken
OpenSCManagerA
ControlService
QueryServiceStatusEx
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid
CheckTokenMembership
InitializeSecurityDescriptor
CryptReleaseContext
shell32
SHEmptyRecycleBinW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExA
ShellExecuteExW
CommandLineToArgvW
ole32
CoGetObject
CoUninitialize
CoInitializeEx
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE