Overview

overview

10

Static

static

3

2024-09-06...ry.exe

windows7-x64

10

2024-09-06...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 11:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-06_cc7ea6ad93542f9a60fc17c1a2ba6053_wannacry.exe

  • Size

    5.0MB

  • MD5

    cc7ea6ad93542f9a60fc17c1a2ba6053

  • SHA1

    0b08ff633ae892cc398ac04e987d5830e7440a9a

  • SHA256

    23692ce778172a66ef666ae4ad47f7cd0773271360ef7503fb294b446cb6d0a5

  • SHA512

    66a364bc8a632441c9b596d7a42fa613f09127d0d72fbab6bfb24ed5bceb90f5a02fef3f4e7561d09fd8b7590c9e3da71327bc190f88ec824d1a3f68d6e0ac39

  • SSDEEP

    49152:2nAQqMSPbcBVnQo6SAARdhnvxJM0H9PAMEcaEau3R8yAH1plAH:yDqPoBp36SAEdhvxWa9P593R8yAVp2H

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3286) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-06_cc7ea6ad93542f9a60fc17c1a2ba6053_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-06_cc7ea6ad93542f9a60fc17c1a2ba6053_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2248
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2084
  • C:\Users\Admin\AppData\Local\Temp\2024-09-06_cc7ea6ad93542f9a60fc17c1a2ba6053_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-09-06_cc7ea6ad93542f9a60fc17c1a2ba6053_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    6e37fdb5ec816c0364824d55c2c69deb

    SHA1

    b96103ed7d24f8f7c1a3fe18df397f86ac7b99f5

    SHA256

    f90b496070a1c28b590687d692f9cd763f3a6d3f9528dbc63172c4e3d7a91b27

    SHA512

    727a2589cc9cc4431ea28767a70cbbc3fc3a1258a3b464cef5a3219ae0c93584600a4127715cc52f3b01435595c2cc6e496109bf8c98b68e79cc7f28371f591a

    Download Submit