General
Target: wanakiwi.zip
Size: 354KB
Sample: 240915-khhxhavckg
MD5: e4f370b101104c15269a3b888ed98e08
SHA1: ad5b797c7cc788a21403ca0cc959bb548580c84f
SHA256: 40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4
SHA512: 5fd22a7bc6ae20461aab75d0806309d0ed5f926219437a2a252dd96a4dcae616c0b7faa91a7f12d693c75ef9e36c26f0f876cf3fa82d85d419bfe08b1b8ab6ef
SSDEEP: 6144:khQbV921g4F8OnnPl66sLG2kFCUMPX3icAmBEtHxxxXww9yz8rgot:zYNmC0pPnAmB8tweyre
Static task: static1
Behavioral task: behavioral1
  Sample: wanakiwi.zip
  Resource: win10v2004-20240802-en
Behavioral task: behavioral2
  Sample: wanakiwi.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets

Target: wanakiwi.zip
Size: 354KB
MD5: e4f370b101104c15269a3b888ed98e08
SHA1: ad5b797c7cc788a21403ca0cc959bb548580c84f
SHA256: 40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4
SHA512: 5fd22a7bc6ae20461aab75d0806309d0ed5f926219437a2a252dd96a4dcae616c0b7faa91a7f12d693c75ef9e36c26f0f876cf3fa82d85d419bfe08b1b8ab6ef
SSDEEP: 6144:khQbV921g4F8OnnPl66sLG2kFCUMPX3icAmBEtHxxxXww9yz8rgot:zYNmC0pPnAmB8tweyre
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry

Target: wanakiwi.exe
Size: 770KB
MD5: 7a1e8f601cbf8d88f77f0a5b69498763
SHA1: 4d5c0c0d507f0a2ed2a830eac84d45f98dc6a935
SHA256: 6a1f0ff9bf79c8a4d4209f441db87ed7f160b049ba130673e92ce9af142ffd6b
SHA512: 18d29ed47f7a84113cfd7444ba4ac365456601be990f072e10c55d5da15ea43113025163f6d4248336cf456fa802d6a8c6d0927b878831dde5af0d9d8344c502
SSDEEP: 12288:uVxSbrvynJLlZZgiCHCvLmUaNCU9KgJa0H07c4kJul:SxSbrvynBBve9CkAp
Score: 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  File and Directory Permissions Modification (2)
    Windows File and Directory Permissions Modification (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (3)