Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2024 23:34

General

  • Target

    2024-10-10_26db100590ba72f83a1d4cff6b1a694c_wannacry.exe

  • Size

    2.2MB

  • MD5

    26db100590ba72f83a1d4cff6b1a694c

  • SHA1

    bc98d3d9a10c1f88fea17e83243eb85e6b9043df

  • SHA256

    6808cceb7e868555075bce6a3ae960bb99a41754efe3f4d22100e81a8e0de724

  • SHA512

    38d9cfd2e9877876dbfc23509bf90a0811b726701c13468db56abe39538ec5bb32633c6ef9476bcde0dfa228ca7d8ef1ccef0ce3555410d3099aca684dcebb57

  • SSDEEP

    24576:+bLgurgDdmMSirYbcMNgef0QeQ+M7uJjqvYoAdNLKz66268:+nsEMSPbcBVQeG7cqvINRA8

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (2060) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-10_26db100590ba72f83a1d4cff6b1a694c_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-10_26db100590ba72f83a1d4cff6b1a694c_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2132
  • C:\Users\Admin\AppData\Local\Temp\2024-10-10_26db100590ba72f83a1d4cff6b1a694c_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-10-10_26db100590ba72f83a1d4cff6b1a694c_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads