General
-
Target
WhatsApp.exe
-
Size
3.4MB
-
Sample
241120-ta9jxszckj
-
MD5
816ab7483ad853ceeaabbecf1bb3320a
-
SHA1
85ffa33b7ff2d66c01cf5e88367d93801f24a06c
-
SHA256
1de8e951caaeca60bbff3e53481f70385b370170d734a1c8ba60b45177d68566
-
SHA512
840f2a279dab0f17cd9dd1678898f3a07664cf495a557f7c126247fdec14bd1d92b94e18efd67322883cc7af576833780ec4bd80d785443a075951db5f98d27f
-
SSDEEP
98304:k/PoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:k/Pe1Cxcxk3ZAEUadzR8yc4g
Static task
static1
Behavioral task
behavioral1
Sample
WhatsApp.exe
Resource
win7-20241010-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
WhatsApp.exe
-
Size
3.4MB
-
MD5
816ab7483ad853ceeaabbecf1bb3320a
-
SHA1
85ffa33b7ff2d66c01cf5e88367d93801f24a06c
-
SHA256
1de8e951caaeca60bbff3e53481f70385b370170d734a1c8ba60b45177d68566
-
SHA512
840f2a279dab0f17cd9dd1678898f3a07664cf495a557f7c126247fdec14bd1d92b94e18efd67322883cc7af576833780ec4bd80d785443a075951db5f98d27f
-
SSDEEP
98304:k/PoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3:k/Pe1Cxcxk3ZAEUadzR8yc4g
-
Wannacry family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
3Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1