General
-
Target
2024-12-09_2d225e2850b5291b75567746310a152e_swisyn_wannacry
-
Size
3.5MB
-
Sample
241209-qw57vatqcm
-
MD5
2d225e2850b5291b75567746310a152e
-
SHA1
63049f62716f33c3ee4a573bcb622a81b8216095
-
SHA256
11985c50c203924b868b3b23e705875600affbade67ccbd62e10d28af359a3a3
-
SHA512
0114f99c580945695b37d0eeb56b136ed9c297e26dd4556787db90404a762279819476f6d71483f8f871ade52f23fab80486bef34f2c3f08b507421ffc1e1ff7
-
SSDEEP
98304:TqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3B:TqPe1Cxcxk3ZAEUadzR8yc4gx
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-09_2d225e2850b5291b75567746310a152e_swisyn_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-12-09_2d225e2850b5291b75567746310a152e_swisyn_wannacry.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
2024-12-09_2d225e2850b5291b75567746310a152e_swisyn_wannacry
-
Size
3.5MB
-
MD5
2d225e2850b5291b75567746310a152e
-
SHA1
63049f62716f33c3ee4a573bcb622a81b8216095
-
SHA256
11985c50c203924b868b3b23e705875600affbade67ccbd62e10d28af359a3a3
-
SHA512
0114f99c580945695b37d0eeb56b136ed9c297e26dd4556787db90404a762279819476f6d71483f8f871ade52f23fab80486bef34f2c3f08b507421ffc1e1ff7
-
SSDEEP
98304:TqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3B:TqPe1Cxcxk3ZAEUadzR8yc4gx
-
Modifies visiblity of hidden/system files in Explorer
-
Wannacry family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
2File Deletion
2Modify Registry
4Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1