Extracted

• • Target

    241209-wte6jawnb1-behavioral1.pcap

  • Size

    21.0MB

  • MD5

    71ec93443f4d7d8bf391a5b02856c246

  • SHA1

    d4847d5a2bd26173da036f0d8a7b851c7e7d128b

  • SHA256

    2e5d63057adec0e8d39f369d77f010b03efb0bf16b90cdd05676e346a930d7b6

  • SHA512

    3966071c8ab7e0d2e57738814fc7d9da2db0d5ac0e1a7a7d58a55d07419d8d555d4f34c631e8713919d8bbdda632848a5bcf87a16ecaab249c8b38b3d43c505b

  • SSDEEP

    393216:cQCU8iszVrdcwEyaqGl0NziHnzXzKuhmdZ8Sk5HQnCxqD:EU8imJdcbZsiHnzjKuhOZOtGtD

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1