General
-
Target
57b63352e619f0214e9ede1f9313ffacd0624594bcd461dc106b637b2f19ce34
-
Size
190KB
-
Sample
240925-s16qaawfqc
-
MD5
688ff9f082046d30706f53aacc3583e6
-
SHA1
340e3ee85825ad51fd5e2d11a9e8963562dc7c4d
-
SHA256
57b63352e619f0214e9ede1f9313ffacd0624594bcd461dc106b637b2f19ce34
-
SHA512
0379464353193f34d2e03c2986b06d3d5e014e5c5d6d5aeaa35279968c32090154339bec7d730bd5ba3fd198e596e3ce53ebe00c046c494815eb4cd3f984ee61
-
SSDEEP
3072:VHHyssdDuXHXEJjvBMWNmnLGmH5TssHRDqkTHKcNHJAxhN0wI0sIg1yBxPjxkQHt:VHauXUJj5MWNuaSTsonjAxhNqP1wxPFf
Static task
static1
Behavioral task
behavioral1
Sample
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\Documents\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
-
-
Target
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
-
Size
224KB
-
MD5
75031983cb851f3475c460a40797fe62
-
SHA1
4ee0238f082123aeb7642ea2e427f57cf4ee954a
-
SHA256
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4
-
SHA512
635b72c7fb8d8b3818364a8a239941d4b4ec608f3d87ee966ce6abd599b847f2aee1e895d996391a1802a57afb41127fbc5e87020b5b280aca2066039e94ca36
-
SSDEEP
3072:Y059femWRwTs/dbelj0X8/j84pcRXPlU3Upt3or4H84lK8PtpLzLsR/Efc:+5RwTs/dSXj84mRXPemxdBlPvLzLe
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1