General
-
Target
2024-10-14_76caee0502e3483b22ffe34508a06ec3_destroyer_wannacry
-
Size
26KB
-
Sample
241014-vw3tyawgmf
-
MD5
76caee0502e3483b22ffe34508a06ec3
-
SHA1
c4120e980f86a2ab7bd29864e9045012c40ba70f
-
SHA256
b4dc0cd3a5824ad15c8607c4cf23278b90d61946e2d904445e5707534a67d989
-
SHA512
65f5bcee2c45d38d981638657d936d78096586659e1cd52a329876c1cac37aef105d97addce101158472f14322f1dbb5a932a08ea160d2e5d3a8b14d8db1d9ed
-
SSDEEP
384:3tWZPzzxAm1vObMcJQ7o71+k4zxBSKrE7lGOy5o91Y5O9jx82vH:O7zxAmaXJQ7ogk426Jho925O9t82v
Behavioral task
behavioral1
Sample
2024-10-14_76caee0502e3483b22ffe34508a06ec3_destroyer_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-14_76caee0502e3483b22ffe34508a06ec3_destroyer_wannacry.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-10-14_76caee0502e3483b22ffe34508a06ec3_destroyer_wannacry
-
Size
26KB
-
MD5
76caee0502e3483b22ffe34508a06ec3
-
SHA1
c4120e980f86a2ab7bd29864e9045012c40ba70f
-
SHA256
b4dc0cd3a5824ad15c8607c4cf23278b90d61946e2d904445e5707534a67d989
-
SHA512
65f5bcee2c45d38d981638657d936d78096586659e1cd52a329876c1cac37aef105d97addce101158472f14322f1dbb5a932a08ea160d2e5d3a8b14d8db1d9ed
-
SSDEEP
384:3tWZPzzxAm1vObMcJQ7o71+k4zxBSKrE7lGOy5o91Y5O9jx82vH:O7zxAmaXJQ7ogk426Jho925O9t82v
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1