General
-
Target
Week7.zip
-
Size
4.2MB
-
Sample
241013-yh3tkazbmq
-
MD5
0c4a607fa0d0267adbe07ebc8c7036f0
-
SHA1
4e1a29a2d2568092068d7cfa844e1eb523f0e955
-
SHA256
2f634bac7eae57158b793fd4cd79f6451b9c19f78e6d25d2e26e2ec67afa2d7a
-
SHA512
552cff42a086a425cd7be65a632b373536167d7b90e5d58d279e65f1a916c906cb88a2ea1625033c8e3a843efaff5fedd9bf6116d638d2c06aa6f960a6b1acaf
-
SSDEEP
98304:KMz8i2FJyNSyOoAON2QrV9kbl5JFEJuQMkU6U6vnLk3Mx:K9JywvoVIlzeMZSk8x
Static task
static1
Behavioral task
behavioral1
Sample
Week7.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Week7.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
Week7.exe
-
Size
4.3MB
-
MD5
a55ff7cc91770e9f48d02fcb855b4ab0
-
SHA1
85ccff4fe5161571778c3c83e4b33a5b8beca81a
-
SHA256
075e8571643830316eadf56a3e93bd97569df7147abd13dc3fbc064d9672a82a
-
SHA512
17a105f9c40457486386fb056f10a682371b54dd795ed40c185004afb35bc37e59750c7e4bce66bd6c291203fc930be66a8f08ef5f937e3188afc9c0fa8bd532
-
SSDEEP
98304:7W5YK95irEguNPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:7G95onsPe1Cxcxk3ZAEUadzR8yc4g
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
3Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1