Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-10-2024 12:38
General
-
Target
2024-10-20_f67de491b20bca55917e906d1659f8ba_wannacry.exe
-
Size
5.0MB
-
MD5
f67de491b20bca55917e906d1659f8ba
-
SHA1
9547f160e40f8c351315b4d6d3d4d9bc60dda66c
-
SHA256
c201d12cae2da9bc01826b23c0c3dba50eca2acad602d6b75145962c28697c1f
-
SHA512
648263301559baa1d85ae78429739d038c07c955e2e60364302815f6868bef6af0158889a19c051a2ae8bdb02b3189b39cb06b363a4fdd899686f6ef6e682235
-
SSDEEP
12288:e1bLgmluCtgQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DHeQYSUjEn:QbLgurgQhfdmMSirYbcMNgef0QeQjG
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3171) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory 4 IoCs
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_f67de491b20bca55917e906d1659f8ba_wannacry.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-20_f67de491b20bca55917e906d1659f8ba_wannacry.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_f67de491b20bca55917e906d1659f8ba_wannacry.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_f67de491b20bca55917e906d1659f8ba_wannacry.exe -m security1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS