wannacry | 0eb250fb3e19b4f424ca7b49841cdc56b3bb86cd5dfc47bb9da7551789d903e5 | Triage

Sharing

General

Target

2024-12-18_c491ae45d9eab9d9618e3d195ccb2051_swisyn_wannacry
Size

375KB
Sample

241218-dxhrqasmam
MD5

c491ae45d9eab9d9618e3d195ccb2051
SHA1

bb2464e1d38a9ff6d9f3a5f2bf11332c34283d9b
SHA256

0eb250fb3e19b4f424ca7b49841cdc56b3bb86cd5dfc47bb9da7551789d903e5
SHA512

91d20879d1d9eb14fce307249accb6ae0192743b9b95352b5f503bd41d2a68a0ffc9ee28e6c81a806d27244f5309cbf629d2893b9e337722707da6208044f4b5
SSDEEP

6144:XsLqdufVUNDafNEd5+IZiZhLlG4AimmC5:cFUNDaVI5+IZUhLlG4AvN

Score

10^/10

wannacry discovery evasion persistence ransomware worm

Malware Config

Targets

- Target
  
  2024-12-18_c491ae45d9eab9d9618e3d195ccb2051_swisyn_wannacry
- Size
  
  375KB
- MD5
  
  c491ae45d9eab9d9618e3d195ccb2051
- SHA1
  
  bb2464e1d38a9ff6d9f3a5f2bf11332c34283d9b
- SHA256
  
  0eb250fb3e19b4f424ca7b49841cdc56b3bb86cd5dfc47bb9da7551789d903e5
- SHA512
  
  91d20879d1d9eb14fce307249accb6ae0192743b9b95352b5f503bd41d2a68a0ffc9ee28e6c81a806d27244f5309cbf629d2893b9e337722707da6208044f4b5
- SSDEEP
  
  6144:XsLqdufVUNDafNEd5+IZiZhLlG4AimmC5:cFUNDaVI5+IZUhLlG4AvN
Score

10^/10

wannacry discovery evasion persistence ransomware worm
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

wannacrydiscoveryevasionpersistenceransomwareworm

behavioral2

wannacrydiscoveryevasionpersistenceransomwareworm