Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
11-10-2024 00:08
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe
-
Size
3.6MB
-
MD5
0c8da92739a2583c90e3f4e7b1b5f5be
-
SHA1
f7b822618d29a88bf4efd4ef7c1c89ff104fdb0f
-
SHA256
d22e884853bbc7ca9b2e405b0423dd88bcdf7b349b456a51e06d64c39afe1a4d
-
SHA512
2bddb704163d0e3158335146dea0168dbdb6754fd25f814b8e23ad90b62f79fd733978ed3c56e00d9741f4a5f52587b4f74257a9d350ee8940994c8a9895b4ab
-
SSDEEP
24576:VbLgd1iBJMSirYbcMNgef0QEjTjirQ39OFCjLxglFDxaYaKQDlR:Vn1MSPbcBVQEerAjL6lFxazKQDlR
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3257) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
pid Process 2360 tasksche.exe -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\WINDOWS\tasksche.exe 2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3444 -
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
PID:2360
-
-
C:\Users\Admin\AppData\Local\Temp\2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2024-10-10_0c8da92739a2583c90e3f4e7b1b5f5be_wannacry.exe -m security1⤵
- System Location Discovery: System Language Discovery
PID:4948
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD577017c496a44936ab5ff8a499102ca7c
SHA12f16f32b2a7068e66aca559a80fd24413670c951
SHA256734444ae254169aff0a4a0c09c9f3c5d734cc7e93ae8c52514288eacfe6ebf88
SHA5125477289852b13283f995a9cbb1f4a274268e8a752e636c4fd9bb7718653aed077308899df0e4b1b85e0f338491ddf2da4ccc1d8cfba9b45f241ac9eb8aa970a4