Overview

overview

10

Static

static

3

07c44729e2...cd.exe

windows7-x64

10

07c44729e2...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2024 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd.exe

  • Size

    3.6MB

  • MD5

    d724d8cc6420f06e8a48752f0da11c66

  • SHA1

    3b669778698972c402f7c149fc844d0ddb3a00e8

  • SHA256

    07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd

  • SHA512

    d771d74894e72402bbd016787fb102053678424205644bceec17ee3e7598e3f4aeb59b0f3272b5dbe1d26289f659024520653f57fc1bfe18054ffae4f188aef9

  • SSDEEP

    98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HI:Z8qPe1Cxcxk3ZAEUadzR8yc4HI

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Contacts a large (3336) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd.exe
    "C:\Users\Admin\AppData\Local\Temp\07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2156
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2508
  • C:\Users\Admin\AppData\Local\Temp\07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd.exe
    C:\Users\Admin\AppData\Local\Temp\07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2188
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2616
  • C:\Windows\system32\taskmgr.exe
    taskmgr.exe /3
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1956
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1304
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4f0
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2332
    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\FormatGroup.docx"
      1⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:316
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ReceiveCompress.mpe"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      19KB

      MD5

      ed4decc6a699b9e2b7220c6d46aa718e

      SHA1

      104b32030a4d9a2df0b7708de78de68c9a40b589

      SHA256

      5b58a96ecfdaafee94e93f6fb2f849aca994e2a85858006276f5430f8b6a524c

      SHA512

      f14607089d8701390003901209cb469fc235ab608ede154afacd06bafe2fd3c28b19477421503d53086670ddd4f749847bfa9122d2c752e63e9f2ca9377f4743

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
      Filesize

      81B

      MD5

      918ae36ba75f71a24c4de0be495e75c9

      SHA1

      94991a9e13ab566f324c5d7c0cb5a630617dd5ce

      SHA256

      af600035f2a77a57b9b02a82eb07e28023bdc8960a18b9d100fb84720c3aa352

      SHA512

      a7062f0efb7778a179db8ed8b3e5dc80ce115f620fd1c0746d5b9606cd3bffd5a3740acca04ce2aea98c74c19a9d17d9ab208b26fc72c1813db6daa505a3623c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
      Filesize

      80B

      MD5

      2df4381fd3e5196192ec95181466aab0

      SHA1

      be0a8ecd297f0341df0890773528e49fb005700e

      SHA256

      1dd230e589c409d62a1c7c3dce9fe893a01cbf5e43b2f4ae96d02f93092b685a

      SHA512

      a74a2290be45c91e0ef21ea53c3ffd4a507f4d80dbf124cc9a138c7ee0c44470e8e011df70d52dac39cd93dd0cb62d9fd1f3a48c33989cb2c069bdef36a8e645

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
      Filesize

      18B

      MD5

      00fd88a7dc83168ab24d18185ac710be

      SHA1

      0eba84d437a17065be6045852b6658eb9977ef4b

      SHA256

      e305f9a288b3b9baba45e94f2cd69703f84612b3487f3d2d6b07995b405e4772

      SHA512

      d8217056e39e3aa51d4eaf6e2f87db19fa814ba38fb3d2978e526e748cedb28a929ae24c7f44a3d062a3f8b1e2e438ee74eb494c22857c6ba3556edb49abd8ef

      Download Submit

    • C:\Windows\tasksche.exe
      Filesize

      3.4MB

      MD5

      7f7ccaa16fb15eb1c7399d422f8363e8

      SHA1

      bd44d0ab543bf814d93b719c24e90d8dd7111234

      SHA256

      2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd

      SHA512

      83e334b80de08903cfa9891a3fa349c1ece7e19f8e62b74a017512fa9a7989a0fd31929bf1fc13847bee04f2da3dacf6bc3f5ee58f0e4b9d495f4b9af12ed2b7

      Download Submit

    • memory/316-8-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/316-50-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1600-133-0x000007FEF4AF0000-0x000007FEF4B14000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1600-144-0x000007FEF2350000-0x000007FEF2366000-memory.dmp

      Filesize

      88KB

      Download

    • memory/1600-109-0x000007FEF7010000-0x000007FEF7028000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1600-110-0x000007FEF6AB0000-0x000007FEF6AC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1600-111-0x000007FEF6A90000-0x000007FEF6AA1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-108-0x000007FEF62A0000-0x000007FEF6556000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1600-113-0x000007FEF6150000-0x000007FEF6161000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-114-0x000007FEF6130000-0x000007FEF614D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/1600-112-0x000007FEF6A70000-0x000007FEF6A87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1600-116-0x000007FEF5F00000-0x000007FEF5F11000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-120-0x000007FEF5E40000-0x000007FEF5E51000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-119-0x000007FEF5E60000-0x000007FEF5E78000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1600-122-0x000007FEF5E00000-0x000007FEF5E11000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-118-0x000007FEF5E80000-0x000007FEF5EA1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1600-115-0x000007FEF5F20000-0x000007FEF612B000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1600-124-0x000007FEF5DC0000-0x000007FEF5DD1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-123-0x000007FEF5DE0000-0x000007FEF5DFB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1600-125-0x000007FEF5DA0000-0x000007FEF5DB8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1600-121-0x000007FEF5E20000-0x000007FEF5E31000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-126-0x000007FEF5D70000-0x000007FEF5DA0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/1600-117-0x000007FEF5EB0000-0x000007FEF5EF1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1600-134-0x000007FEF4AD0000-0x000007FEF4AE8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1600-106-0x000000013F500000-0x000000013F5F8000-memory.dmp

      Filesize

      992KB

      Download

    • memory/1600-145-0x000007FEF2280000-0x000007FEF2345000-memory.dmp

      Filesize

      788KB

      Download

    • memory/1600-146-0x000007FEF2230000-0x000007FEF2272000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1600-107-0x000007FEF6AD0000-0x000007FEF6B04000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1600-143-0x000007FEF2370000-0x000007FEF2381000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-142-0x000007FEF2390000-0x000007FEF23BF000-memory.dmp

      Filesize

      188KB

      Download

    • memory/1600-147-0x000007FEF21C0000-0x000007FEF2222000-memory.dmp

      Filesize

      392KB

      Download

    • memory/1600-141-0x000007FEF23C0000-0x000007FEF23D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1600-140-0x000007FEF23D0000-0x000007FEF23E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1600-139-0x000007FEF23F0000-0x000007FEF2401000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-138-0x000007FEF2410000-0x000007FEF2431000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1600-137-0x000007FEF4A60000-0x000007FEF4A72000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1600-136-0x000007FEF4A80000-0x000007FEF4A91000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-135-0x000007FEF4AA0000-0x000007FEF4AC3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/1600-127-0x000007FEF4CC0000-0x000007FEF5D70000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/1600-132-0x000007FEF4B20000-0x000007FEF4B48000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1600-131-0x000007FEF4B50000-0x000007FEF4BA7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/1600-148-0x000007FEF2150000-0x000007FEF21BD000-memory.dmp

      Filesize

      436KB

      Download

    • memory/1600-130-0x000007FEF4BB0000-0x000007FEF4BC1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1600-129-0x000007FEF4BD0000-0x000007FEF4C4C000-memory.dmp

      Filesize

      496KB

      Download

    • memory/1600-128-0x000007FEF4C50000-0x000007FEF4CB7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/1600-149-0x000007FEF1FD0000-0x000007FEF2150000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1600-158-0x000007FEF6AD0000-0x000007FEF6B04000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1600-157-0x000000013F500000-0x000000013F5F8000-memory.dmp

      Filesize

      992KB

      Download

    • memory/1600-159-0x000007FEF62A0000-0x000007FEF6556000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1600-160-0x000007FEF4CC0000-0x000007FEF5D70000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/1956-5-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/1956-6-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/1956-7-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2616-4-0x0000000002E10000-0x0000000002E11000-memory.dmp

      Filesize

      4KB

      Download