General
Target: sample
Size: 10KB
Sample: 240907-zn2n5axbqf
MD5: 2fe989af07e67aebcc5e4903fa144b8e
SHA1: cbb1af550b5aa0a18b1e0f82bc7309d69203bfde
SHA256: 2203101e1a9ca2078e429ffd6c355de3d59ea7e8131ccc8725563c695e5bf01d
SHA512: 2355e63cea6d29dfba4da014e3b05dfc6477bbc5fc4de476b28c8cca03a2ab347396afe7ba7c9eaf09bc2d7ceb7830ab9542bce4cf3d4aa7e943493845bd0895
SSDEEP: 192:bMWCBNhFh33DB+PLF+m+NCIfsVdnmt3KMte4JB9ceD3+imKXzHB:kFI3IEe7VTjHB
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: sample.html
Resource: win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
sample
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access: 1
File and Directory Permissions Modification: 2
Windows File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Indicator Removal: 2
File Deletion: 2
Modify Registry: 2