Resubmissions

23-10-2024 15:51

241023-tanx8azgmq 10

23-10-2024 12:57

241023-p6wkqashqr 10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    23-10-2024 12:57

General

  • Target

    2024-10-23_a610cfeb0a3e2f601ef8ccd8e0f79d8b_wannacry.exe

  • Size

    2.2MB

  • MD5

    a610cfeb0a3e2f601ef8ccd8e0f79d8b

  • SHA1

    6f75fab60c7ae9eba2fc92cf8f656093e5ad347a

  • SHA256

    1388c4fc25f7a14bd18acd4a19b870066da52d280d417f4a6f0f3eab2e2c6b94

  • SHA512

    3e76a637af1ace9c7f58a6e89f26fcf3cc0356b3dd80c24c7d4d5a06f5a711a459f067e49d5bf929f9365bf4e1680080959ed6ad9ec935e44670faa65ccc411d

  • SSDEEP

    49152:QnuQqMSPbcBVQej/1INgwuqzgX8knK4JKARp:QZqPoBhz1ay

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3341) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-23_a610cfeb0a3e2f601ef8ccd8e0f79d8b_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-23_a610cfeb0a3e2f601ef8ccd8e0f79d8b_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2312
  • C:\Users\Admin\AppData\Local\Temp\2024-10-23_a610cfeb0a3e2f601ef8ccd8e0f79d8b_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-10-23_a610cfeb0a3e2f601ef8ccd8e0f79d8b_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:1648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads