Resubmissions

15-09-2024 20:39

240915-zfpdtssblr 10

15-09-2024 20:38

240915-zepcfa1erh 10

15-09-2024 19:50

240915-ykmv5a1bjq 10

Analysis

  • max time kernel
    600s
  • max time network
    600s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2024 20:39

General

  • Target

    2024-09-15_ec114588ac70fd5c1fca25731f494b4e_wannacry.exe

  • Size

    2.2MB

  • MD5

    ec114588ac70fd5c1fca25731f494b4e

  • SHA1

    040796d8ed354de04175ca01380c45e9c3acd642

  • SHA256

    1a3a791e79fd658b5e630200046217427ca80ab561cf2f92b599897ca2e0dff9

  • SHA512

    e04456bc3e5b303ca9782037bfa6b5da00596bb909a236d12663579048271efbfcb0a1770db3f3ef574cb2e028aae629b87576eebaa3c408f40b3f9013f78584

  • SSDEEP

    49152:QnxQqMSPbcBVQej/1INRx+TSqTdX1HkQo6:Q6qPoBhz1aRxcSUDk36

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (14015) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-15_ec114588ac70fd5c1fca25731f494b4e_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-15_ec114588ac70fd5c1fca25731f494b4e_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2364
  • C:\Users\Admin\AppData\Local\Temp\2024-09-15_ec114588ac70fd5c1fca25731f494b4e_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-09-15_ec114588ac70fd5c1fca25731f494b4e_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads