Analysis
-
max time kernel
92s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
04-12-2024 11:53
General
-
Target
tasksche.exe
-
Size
3.4MB
-
MD5
a27cfbfad728fa5ec8e701a6f93cab26
-
SHA1
deba582c9c8f059590132395f987c2acf54e7a7f
-
SHA256
c0057fd3141966017014beb71fa2e31d84d3ddd2a9f20e3e6ee26df8165a531f
-
SHA512
8c095ccb3367903bc5498d0222ee537ef2bbd4f4204fe9a9a9babe2426d8a377240a15892e248e6e252bf3b229eecc8b1c960136988bf3398941e20a1e542b5d
-
SSDEEP
768:sCo1dAqfsxpWQUJIMsuEfVQuvPOpai+d03Baho9S4AJKqBz8MZVxPDMO9nq8t2Tf:Bo1Jfsh3MKNQugai++N9S4A3v9q/j
Score
10/10
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Modifies file permissions 1 TTPs 1 IoCs
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tasksche.exe"C:\Users\Admin\AppData\Local\Temp\tasksche.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
-