General
-
Target
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
-
Size
224KB
-
Sample
240925-m3wp7s1fpj
-
MD5
75031983cb851f3475c460a40797fe62
-
SHA1
4ee0238f082123aeb7642ea2e427f57cf4ee954a
-
SHA256
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4
-
SHA512
635b72c7fb8d8b3818364a8a239941d4b4ec608f3d87ee966ce6abd599b847f2aee1e895d996391a1802a57afb41127fbc5e87020b5b280aca2066039e94ca36
-
SSDEEP
3072:Y059femWRwTs/dbelj0X8/j84pcRXPlU3Upt3or4H84lK8PtpLzLsR/Efc:+5RwTs/dSXj84mRXPemxdBlPvLzLe
Static task
static1
Behavioral task
behavioral1
Sample
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
Resource
win10v2004-20240910-en
Malware Config
Extracted
C:\Users\Admin\Documents\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
-
-
Target
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
-
Size
224KB
-
MD5
75031983cb851f3475c460a40797fe62
-
SHA1
4ee0238f082123aeb7642ea2e427f57cf4ee954a
-
SHA256
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4
-
SHA512
635b72c7fb8d8b3818364a8a239941d4b4ec608f3d87ee966ce6abd599b847f2aee1e895d996391a1802a57afb41127fbc5e87020b5b280aca2066039e94ca36
-
SSDEEP
3072:Y059femWRwTs/dbelj0X8/j84pcRXPlU3Upt3or4H84lK8PtpLzLsR/Efc:+5RwTs/dSXj84mRXPemxdBlPvLzLe
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1