Overview

overview

10

Static

static

3

e75c2ee38a...58.dll

windows7-x64

10

e75c2ee38a...58.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2024 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58.dll

  • Size

    5.0MB

  • MD5

    a626ac7cee34f2e18aec109b83babf55

  • SHA1

    12d812851aa7436dc5434a5bee56b9e211f1a1d5

  • SHA256

    e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58

  • SHA512

    2437905ef4c1ee2173c0e1dcd1d4b25bc7848f24a450c9acf16c0c4d9309f6b04a23bc11db2ddc33061d37d34072c2d0ed45b904cccf1468a6f9a3a0619fb4ea

  • SSDEEP

    98304:nnj5mqtRvJEZ+jT4guDNIltHTOibMR3LvYuENf07dFfmh+OcvTrvM3R/zTqg0qFa:nnK2/yGr6Rb

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Contacts a large (2454) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58.dll,#1
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4928
      • C:\WINDOWS\mssecsvr.exe
        C:\WINDOWS\mssecsvr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:1840
  • C:\WINDOWS\mssecsvr.exe
    C:\WINDOWS\mssecsvr.exe -m security
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\mssecsvr.exe
    Filesize

    3.6MB

    MD5

    b5b1ea94a40c7abe240c29518a8b4a96

    SHA1

    4b72378a3900403c1196b8d3c93ab32e01eb34bc

    SHA256

    046a222a0909116a1183c8d9ecb5bdc2d0068978fe0cf34e60ff671a5adcde34

    SHA512

    79e0e84bd4d47b6cd38e80f6f7cf115d62699d6a7f1a9e55f61f66391a137f8718847ca19824d48d794b87c42b3e906968556aa7475881dbe2125dc301e22c9b

    Download Submit