Extracted

• • Target

    01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe

  • Size

    224KB

  • MD5

    75031983cb851f3475c460a40797fe62

  • SHA1

    4ee0238f082123aeb7642ea2e427f57cf4ee954a

  • SHA256

    01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4

  • SHA512

    635b72c7fb8d8b3818364a8a239941d4b4ec608f3d87ee966ce6abd599b847f2aee1e895d996391a1802a57afb41127fbc5e87020b5b280aca2066039e94ca36

  • SSDEEP

    3072:Y059femWRwTs/dbelj0X8/j84pcRXPlU3Upt3or4H84lK8PtpLzLsR/Efc:+5RwTs/dSXj84mRXPemxdBlPvLzLe

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (51) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2