wannacry | 57d3f6b3bebac1922ddfc9805b2fc1f5e779b2a3ce53a65022d3a29a135b686b | Triage

Submit
Reports

Overview

overview

Static

static

7

cbaf4e5b4e...18.exe

windows7-x64

cbaf4e5b4e...18.exe

windows10-2004-x64

Sharing

General

Target

cbaf4e5b4e4ebb82872138404bc3a9c6_JaffaCakes118
Size

1.6MB
Sample

240830-z4yx6sxbjp
MD5

cbaf4e5b4e4ebb82872138404bc3a9c6
SHA1

c639e1981bb95af59f17a3f3bbabab799cc0784d
SHA256

57d3f6b3bebac1922ddfc9805b2fc1f5e779b2a3ce53a65022d3a29a135b686b
SHA512

7ba4ce138d3657cce04814dc89c48213e82f7017578d7635561900f1e06d55d8a1a3a239e8c00cd33bcf9165f63b2d742f5de1dc135b03cfd4a09d4851453d6a
SSDEEP

49152:K0XgjwXY5vE30thnB1j3qxNU+fMv6x1J85vGVXvhXRyIQXs:K0XgSlkt50U+fMQDgvGVXZXiXs

Score

10^/10

wannacry discovery evasion persistence ransomware upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cbaf4e5b4e4ebb82872138404bc3a9c6_JaffaCakes118.exe

Resource

win7-20240704-en

wannacry discovery evasion persistence ransomware upx worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cbaf4e5b4e4ebb82872138404bc3a9c6_JaffaCakes118.exe

Resource

win10v2004-20240802-en

wannacry discovery evasion persistence ransomware upx worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  cbaf4e5b4e4ebb82872138404bc3a9c6_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  cbaf4e5b4e4ebb82872138404bc3a9c6
- SHA1
  
  c639e1981bb95af59f17a3f3bbabab799cc0784d
- SHA256
  
  57d3f6b3bebac1922ddfc9805b2fc1f5e779b2a3ce53a65022d3a29a135b686b
- SHA512
  
  7ba4ce138d3657cce04814dc89c48213e82f7017578d7635561900f1e06d55d8a1a3a239e8c00cd33bcf9165f63b2d742f5de1dc135b03cfd4a09d4851453d6a
- SSDEEP
  
  49152:K0XgjwXY5vE30thnB1j3qxNU+fMv6x1J85vGVXvhXRyIQXs:K0XgSlkt50U+fMQDgvGVXZXiXs
Score

10^/10

wannacry discovery evasion persistence ransomware upx worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Renames multiple (3590) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryevasionpersistenceransomwareupxworm

behavioral2

wannacrydiscoveryevasionpersistenceransomwareupxworm

© 2018-2025

Terms | Privacy