Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2024 14:35

General

  • Target

    2024-09-27_9e57c3cf695a4434c12fc7b7c26b4db0_wannacry.exe

  • Size

    3.6MB

  • MD5

    9e57c3cf695a4434c12fc7b7c26b4db0

  • SHA1

    c8ca93745275fca19541549f330131f2b5585869

  • SHA256

    8272c9308f0e7dc5f470dcb831ff31f38e23d02ceb2cc43441607c880e0b7a93

  • SHA512

    d335a5b1ff03ab362b3cf14412cd9a9e06920a235c2ba971909e03086e2f6604ee5df1752e53b553c4cbc1e4ebf269bb667564ab499b1fe4838e02eb8400e167

  • SSDEEP

    98304:Z8qPoBhz18xcSUDk36SAEdhvxWa9P593N:Z8qPe18xcxk3ZAEUadzN

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3153) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-27_9e57c3cf695a4434c12fc7b7c26b4db0_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-27_9e57c3cf695a4434c12fc7b7c26b4db0_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3672
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:3864
  • C:\Users\Admin\AppData\Local\Temp\2024-09-27_9e57c3cf695a4434c12fc7b7c26b4db0_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-09-27_9e57c3cf695a4434c12fc7b7c26b4db0_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    8f4a904f88a5f26855f187199226f581

    SHA1

    c0cfc6747026445b85c33b2a9f5cc432b469dd16

    SHA256

    658ee88359026c5c602656ac2f5a1bc373457d79ce1a6c881cf4078d482e5969

    SHA512

    19a1d133ec306fc4bbdf0576499601cb65ea69afec1db5ef7d53514b5bc9a2aec9de4c7241af7b0766f9e1bcc945317191b5e75f45b2d1819ec0f43df8e1a3b7