General
-
Target
https://github.com/kh4sh3i/Ransomware-Samples
-
Sample
240905-w9a7hsxgjd
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/kh4sh3i/Ransomware-Samples
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\Downloads\WannaCry\WannaCry\Ransomware.WannaCry\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
https://github.com/kh4sh3i/Ransomware-Samples
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Uses the VBS compiler for execution
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
1Scripting
1