Extracted

• • Target

    Skin97.png

  • Size

    47KB

  • MD5

    9db29295351d1fece8dbc470a15a5a22

  • SHA1

    4fce4f1a18e70f68e9b08194dc7c63f65bb336a9

  • SHA256

    6816ab13761a4d18d67530f1ccd89daef8082124a8df737768972e91d0c9e573

  • SHA512

    efe7dc1a3e4ce701246554723f2485e90da021be631e05488b8af6b2c62c9db4a7cee8e84ff232ccecb5c78ae29273e049fe755dc394399a15ae6be0aba9e2e1

  • SSDEEP

    768:Vnv91NJpupDuDouMCLtFQVHRAJvWC3DWAXGGKnnYL8Xlrc87uNq8CpPo:VnnaD6x0AHDWeG3nnY4Xlr2Y8CG

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1