General

  • Target

    monkeys dancing.mp4

  • Size

    11.2MB

  • Sample

    241001-j3l9zstbld

  • MD5

    78ba068286738c17db3758bd36e07a94

  • SHA1

    a1d28e2f93ad2ee7c26766251773255e4e6b7f8b

  • SHA256

    f35c32336623760c4c7f2f97de295dd92d131cd0acf8aacef4228df6605de247

  • SHA512

    bb187df15a43aeecb908f480c5ed7e9316d42135e125a1260f8c1a512ed8e9a0ced6621fc09e06ef276c38fd381233566a56b762fe218d32a5a8a82c161f5592

  • SSDEEP

    196608:AfKpOUXRMMLca+mpG0aFr6/6EDjFPgEyAO307hXNu5VsTpe2XTsuUlwqWP:AypOUS6cTmfmr6RDjFPiAOyqVso2X4uz

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe

Family

wannacry

Ransom Note
Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Next, please find an application file named "@WanaDecryptor@.exe". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)

Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.

* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

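The wallet above is the address the sandbox pulled out of the note. When you carry such an address into a blocklist or a threat-intel feed, it is worth checking that it is a real Bitcoin address rather than a typo or an extraction artifact. The following Python is an added example, not part of the report or of any sandbox tooling: it extracts address-shaped tokens from ransom-note text and keeps only those that pass Base58Check (version byte, 20-byte hash, 4-byte double-SHA256 checksum). The note excerpt is taken from the report; the function names are mine.

```python
import hashlib
import re

# Excerpt of the ransom note the report extracted above, used here as sample input.
RANSOM_NOTE = (
    "Q: What do I do? A: First, you need to pay service fees for the decryption. "
    "Please send $300 worth of bitcoin to this bitcoin address: "
    "115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file "
    'named "@WanaDecryptor@.exe". It is the decrypt software.'
)

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Shape of a legacy (P2PKH / P2SH) address: leading 1 or 3, then Base58 characters.
ADDRESS_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def b58decode(text: str) -> bytes:
    """Decode Base58 to bytes; each leading '1' stands for one leading zero byte."""
    value = 0
    for ch in text:
        value = value * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-Base58 char
    leading_zeros = len(text) - len(text.lstrip("1"))
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    return b"\x00" * leading_zeros + body


def is_valid_btc_address(candidate: str) -> bool:
    """Base58Check: 1 version byte + 20-byte hash + 4-byte checksum = 25 bytes."""
    try:
        raw = b58decode(candidate)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):  # 0x00 = P2PKH, 0x05 = P2SH
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def extract_wallets(note: str) -> list[str]:
    """Return checksum-valid Bitcoin addresses found in the note, deduplicated, in order."""
    found: list[str] = []
    for candidate in ADDRESS_RE.findall(note):
        if is_valid_btc_address(candidate) and candidate not in found:
            found.append(candidate)
    return found


if __name__ == "__main__":
    print(extract_wallets(RANSOM_NOTE))
```

The regex alone would also accept any 26-to-35 character Base58 token that happens to start with 1 or 3, so the checksum step is what turns a pattern hit into an IOC you can trust; an address with a single damaged character fails it.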
Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification (MITRE ATT&CK T1222.001)

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand MICROSOFT.

    • Sets desktop wallpaper using registry

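Several of the signatures above describe host behaviour that shows up in ordinary endpoint telemetry: shadow-copy deletion and icacls runs are process creations, dropped startup and desktop.ini files are file creates, and the wallpaper change is a registry value set. The following Python is an added example, not part of the report or of the sandbox's own signature engine. It runs rule predicates over a handful of constructed Sysmon-style events and maps each hit back to the signature name the report uses. The events are invented for the example (the report does not publish raw telemetry); their command lines follow the publicly documented WannaCry behaviour each signature describes, and the SID and file names are placeholders.

```python
import re

# Constructed Sysmon-style events for this example only. Not the sandbox's telemetry;
# command lines mirror documented WannaCry behaviour, SID and file names are placeholders.
SAMPLE_EVENTS = [
    # EventID 1: process creation
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": (r"cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete "
                     r"& bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet")},
    {"EventID": 1, "Image": r"C:\Windows\System32\icacls.exe",
     "CommandLine": r"icacls . /grant Everyone:F /T /C /Q"},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},  # benign
    # EventID 11: file create
    {"EventID": 11, "TargetFilename": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
                                      r"\Start Menu\Programs\Startup\placeholder.lnk"},
    {"EventID": 11, "TargetFilename": r"D:\Documents\desktop.ini"},
    # EventID 13: registry value set
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-0-0-0-1000\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\Admin\Desktop\placeholder.bmp"},
]

# Any of the three built-in ways to destroy VSS snapshots / the backup catalog.
SHADOW_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog"
)
# icacls granting Everyone full control, which WannaCry does on the working directory.
ICACLS_RE = re.compile(r"icacls(\.exe)?\s.*/grant\s+everyone:f")


def _cmd(ev: dict) -> str:
    return ev.get("CommandLine", "").lower()


def _path(ev: dict, key: str) -> str:
    return ev.get(key, "").lower()


# (signature name as the report prints it, predicate over a single event)
RULES = [
    ("Deletes shadow copies",
     lambda ev: ev["EventID"] == 1 and SHADOW_RE.search(_cmd(ev)) is not None),
    ("Modifies file permissions",
     lambda ev: ev["EventID"] == 1 and ICACLS_RE.search(_cmd(ev)) is not None),
    ("Drops startup file",
     lambda ev: ev["EventID"] == 11
     and "\\start menu\\programs\\startup\\" in _path(ev, "TargetFilename")),
    ("Drops desktop.ini file(s)",
     lambda ev: ev["EventID"] == 11 and _path(ev, "TargetFilename").endswith("\\desktop.ini")),
    ("Sets desktop wallpaper using registry",
     lambda ev: ev["EventID"] == 13
     and _path(ev, "TargetObject").endswith("\\control panel\\desktop\\wallpaper")),
]


def match_event(ev: dict) -> list[str]:
    """Signature names fired by one event."""
    return [name for name, pred in RULES if pred(ev)]


def scan(events: list[dict]) -> dict[str, list[int]]:
    """Map each fired signature to the indices of the events that fired it."""
    hits: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for name in match_event(ev):
            hits.setdefault(name, []).append(i)
    return hits


if __name__ == "__main__":
    for name, idx in scan(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

Two of the report's signatures are deliberately not modelled: "Enumerates connected drives" and "Loads dropped DLL" need file-handle or image-load telemetry rather than process, file-create and registry events. Note also that the single cmd.exe line fires the shadow-copy rule once but carries three distinct destructive actions plus a bcdedit change that disables recovery; in production you would usually split those into separate rules so each is visible on its own.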
MITRE ATT&CK Enterprise v15
