Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-10-2024 05:18

General

  • Target

    2024-10-12_d33868b2256c4ac4c1676a9861bbacc8_wannacry.exe

  • Size

    3.6MB

  • MD5

    d33868b2256c4ac4c1676a9861bbacc8

  • SHA1

    4f6e0baa5799da3ad36f99ccf8be553f53aa6f0d

  • SHA256

    a5dd62b929a18eb9a6bd8f585786aceb83f8deb95093cc2e1868a01f45858974

  • SHA512

    930753109d66d00934d664995a392151bf81b57b00c277c194d9d640c8738a5ceab9ca84d690bffd073de61ebc1b96b3547596e6b87b5583f1f97c06a998af8d

  • SSDEEP

    24576:VbLgdeQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLK6+vbOSSqTPVX8desCGHn:VnjQqMSPbcBVQej/1INx+TSqTdX0QGH

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3211) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_d33868b2256c4ac4c1676a9861bbacc8_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_d33868b2256c4ac4c1676a9861bbacc8_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3952
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:5032
  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_d33868b2256c4ac4c1676a9861bbacc8_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-10-12_d33868b2256c4ac4c1676a9861bbacc8_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    9fbdcc1f7ee5afceed82c5e107074c1d

    SHA1

    4d6ca398d8488084ec79ef6c16e686fa65e93be4

    SHA256

    165e950a59aadc2335430a4b487f412e7365a27bee572909c693691dbcde3a5d

    SHA512

    95af6975d5cb4a451c38c0302cc57e25be5d1adef8848e02f6fb6c8b08a8e17acc59c769c16cbb1c98a7a06babd0577c029a368fd7876cb4b30a2324ddd1c6b6