Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-10-12...ry.exe

windows7-x64

10

2024-10-12...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-12_d033786ca606984830970d9e8e9d08a3_wannacry.exe

  • Size

    3.6MB

  • MD5

    d033786ca606984830970d9e8e9d08a3

  • SHA1

    9556e95a90a89902d95b66d989c859de8091b394

  • SHA256

    1f96101739dbfbad5c994ea8188d06d2d6e0cd19a681edf32bbbf9d3651eb6ff

  • SHA512

    c788c63122aea184a689cd5c10113e77aa4373b9cb95908730f5676a295942fabcd2ff91e4c91e8ece442a18c95681ef512c901f2ccc682ba198a17a0f4839d8

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEc:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P5

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3262) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_d033786ca606984830970d9e8e9d08a3_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_d033786ca606984830970d9e8e9d08a3_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3028
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2324
  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_d033786ca606984830970d9e8e9d08a3_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-10-12_d033786ca606984830970d9e8e9d08a3_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    5786aaa4f672424a419d66f9a65043e9

    SHA1

    86b52a09ece20c196e68346da54f85ab0d1d0a2b

    SHA256

    1f1ca962967b9e36dc4080039cfdeaba354b88d7daa0767259d3f2e92b695b22

    SHA512

    d317304be1b09cde275bbb50f04f6c6c39b08b0f215d72cfdbda10a08f04822319e1362a224b03bf45a7c51e18e312091e2cd1cc835f823ac032e98205993cba

    Download Submit