Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26-11-2024 17:44

General

  • Target

    2024-11-26_2976f270fec4ddd52d7ccb02b7956bf5_wannacry.exe

  • Size

    5.0MB

  • MD5

    2976f270fec4ddd52d7ccb02b7956bf5

  • SHA1

    e15a375d40d6d81fd32bd1cc62ae3a86d47d6ed7

  • SHA256

    41acfd4fa73073edbe27222423f037d4fbde46b56da6bbfe49a5753e95389d59

  • SHA512

    896fc561e20e7272833bd23ac7ed26a56a9e8aa972e6bcb8ebfe9e6467b3054e64aaa8480c952512c9c176ae0a78e2257605e160befb5c6cfa9e54fd51e8e17d

  • SSDEEP

    98304:yDqPoBhw1aRxcSUDk36SAEdhvxWa9P593R8yAVp2gC:yDqPB1Cxcxk3ZAEUadzR8yc4

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3241) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-26_2976f270fec4ddd52d7ccb02b7956bf5_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-26_2976f270fec4ddd52d7ccb02b7956bf5_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2224
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:4828
  • C:\Users\Admin\AppData\Local\Temp\2024-11-26_2976f270fec4ddd52d7ccb02b7956bf5_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-11-26_2976f270fec4ddd52d7ccb02b7956bf5_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:4944

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    6269a696fcc9290bd144c870ed68b507

    SHA1

    ee48d90df2cb1ad782ce2fe1aa8a2d7034c29f3b

    SHA256

    ed7b635137eaec1424e0867253bb38fb6944693602783287c67f3c11fba91d83

    SHA512

    c08d3d7b2ff71db7623db95dd6370800f2e962d966542cb43d2cd0e339f959fef8983e7cd83465298511a32fd0af94f919998539df459c9da2d932a4a9227487