Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
11-10-2024 01:18
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe
-
Size
3.6MB
-
MD5
cc8585f79612fb22844c7a51c1114cf1
-
SHA1
e08744950c782b19f464a5c97c5080c44d454fab
-
SHA256
710f1426e6c6b241a839f0786d9c1d9dfdab26d2ae2c9cb66deffecc86be18f8
-
SHA512
042ec2728a13d4b865d508f1361f7c12b7299a8bc34da11854428a61dfe5d7735e9d7af2a4cc3dc0974f5d22fa97f05e12fa6c37a27c76e35b9e7026c227d0cb
-
SSDEEP
49152:VnjQqMSPbcBVQej/1IudhnvXAMEcPA5HI:Z8qPoBhz1ldhvX5kHI
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3343) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
pid Process 2568 tasksche.exe -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\WINDOWS\tasksche.exe 2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3520 -
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
PID:2568
-
-
C:\Users\Admin\AppData\Local\Temp\2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2024-10-11_cc8585f79612fb22844c7a51c1114cf1_wannacry.exe -m security1⤵
- System Location Discovery: System Language Discovery
PID:2628
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD5b29d4d674f68ad7beba6064838e0c48d
SHA11a938d3cf13b4e17c28a095d51532d28ae50fe66
SHA25620c20defe5796ddbbc5c15ea660000a04ab1faf80c5edfa0031eca16d528afdb
SHA5126bb61d07cf9a122c284dbbafb715ab2a32492c2a60a0257e801a00e02d7b6f5930ed1dd9d02c2d782bb9d3503946782c6b9b9e47d9915271567257411d15309e