Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-10-2024 03:02

General

  • Target

    405ca1e135c0db4d4394f1e343c4b1f60d77f5573ea03f199fe3fd7ea61ecde2N.exe

  • Size

    3.6MB

  • MD5

    16c9fc4bb5aadc37c8cdcde301cf44d0

  • SHA1

    b33db650e6901dcbf1d048bdeeccbfbbb59e2463

  • SHA256

    405ca1e135c0db4d4394f1e343c4b1f60d77f5573ea03f199fe3fd7ea61ecde2

  • SHA512

    d815d67dbaaa9ddecfa8842374c2c311c5869f3448177e674874dcdf62e08b4c956890cb581725d0020684c5318fedcfc3b7b67c15dc7bf7eae9d2d0d855fe1b

  • SSDEEP

    98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P5BZx8:Z8qPe1Cxcxk3ZAEUadj78

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (2532) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\405ca1e135c0db4d4394f1e343c4b1f60d77f5573ea03f199fe3fd7ea61ecde2N.exe
    "C:\Users\Admin\AppData\Local\Temp\405ca1e135c0db4d4394f1e343c4b1f60d77f5573ea03f199fe3fd7ea61ecde2N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3616
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2512
  • C:\Users\Admin\AppData\Local\Temp\405ca1e135c0db4d4394f1e343c4b1f60d77f5573ea03f199fe3fd7ea61ecde2N.exe
    C:\Users\Admin\AppData\Local\Temp\405ca1e135c0db4d4394f1e343c4b1f60d77f5573ea03f199fe3fd7ea61ecde2N.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    008cc723d62d404994c49afbedbc1a43

    SHA1

    43c4571def1f4df4d6245e3fec91c9504b0553dd

    SHA256

    1ce1f15e09db58cf191d99b634bde114134718e2fa0e95eb611496ba1d4a568e

    SHA512

    5449d6c0a0769df0afe1184e7e3b6c415244f28590296bb231031f364e774adca3ed7e853d010d2613990fc784e38f4876cc0b3e03773f11db8dc894ce0f446a