General
-
Target
sample
-
Size
77KB
-
Sample
240917-l5wybaxcqa
-
MD5
0ffcf2bd30576f20c6b487c1eadc2acf
-
SHA1
55e98c61b2990bd80b0417f249197c6433e2455b
-
SHA256
f5e16cb99726473a3690f34918082477cba89dcbd88e031a4554f14161a4ea33
-
SHA512
eef64c737cf44fc488e0ff0391521f93c0b07f44b65c016d23fd03d0c2b6794448b477b34de412e18dd041857f31fe4b826f6681bc36fabcda0e62519675c9e9
-
SSDEEP
1536:I6QJFLCCwNiePs+ehNFZuSuWtWWx/ZhoU1+HvScWXpc+NKjp3q/6aejGkaEKfK6a:HQJFLhwAbZuU1+HvScWXpc+NKjp3q/67
Static task
static1
Behavioral task
behavioral1
Sample
sample.js
Resource
win7-20240903-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter: 1
JavaScript: 1
Windows Management Instrumentation: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Direct Volume Access: 1
File and Directory Permissions Modification: 2
Windows File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Indicator Removal: 2
File Deletion: 2
Modify Registry: 5