Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    12-10-2024 04:47

General

  • Target

    2024-10-12_120908909f9c437f4d03a2c55f731af9_wannacry.exe

  • Size

    3.6MB

  • MD5

    120908909f9c437f4d03a2c55f731af9

  • SHA1

    b88ce5b12187c9360b4d90d7a994263765df0a0e

  • SHA256

    74e4b1a251a29edd23add533d0d2c41140e3e3ca8168dd2ed61e86a503b1fe82

  • SHA512

    0560186eb77ebc3bee325d6b0df20f0b9e185f564b51e2ef7a05e462f28a601c6c50054159840198d82ee55d157c53e2675f749e6e5029871b909c6777ddf56a

  • SSDEEP

    49152:2nAQqMSPbcBVQe+TSqTdd1HkQo6SARoKAAcwO:yDqPoBxcSUZk36SA6KfC

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3086) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_120908909f9c437f4d03a2c55f731af9_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_120908909f9c437f4d03a2c55f731af9_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2096
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2760
  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_120908909f9c437f4d03a2c55f731af9_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-10-12_120908909f9c437f4d03a2c55f731af9_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2820

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    93b5c109da5465a468beccdcd73ee066

    SHA1

    30c1580f91f4b1a0474be8528880ac41fb77e20b

    SHA256

    a74b00d5aaaaf014e08f218f7824c6ebe051b3b71dddf83773dbdd4f8fc3d7d8

    SHA512

    6bcbf2015a1b4cad65fbc6ff5de6e760b60f2d0e06d158f6ed45d922552233c4153b4895526c79dc517cc044a1086de5b82bdf15cbed0d4baf9076a2a7fd7e1d