Extracted

• • Target

    RNSM00302.7z

  • Size

    5.7MB

  • MD5

    7eb0a1681e0d19ee1a5aac6ad65894e8

  • SHA1

    e47b4ab2c2bae906a70abc7f2ef864896f742a06

  • SHA256

    9689344d843d5e3b268f08a3fa3b57da2fa578b8c313ab3926e785c69ceb2383

  • SHA512

    301c0e01f12f29cd74e7a7683342a947c7b99ef2894f3e3bffd90349f3a717615027ef562f8d8aff7ca7b364a2ad2a75a5c2abb08ed9462ad2919c5c64e2c6e3

  • SSDEEP

    98304:aik3bY/APNpxaUOP9eq34kDb6bt32LvMffph2VGjjS6iEuFNwA9trYqZP7:aiYbYANfW9efkXW3gYWyWfEuv59NYqZT

  Score

  10^/10

  dharmawannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwareworm

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Dharma family

    dharma

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1