Extracted

• • Target

    ff1ed1c599b724d4c2ec9d886e4df3f695646add801e4a792dd280b424fb79a9

  • Size

    138KB

  • MD5

    d260d6b9db36e18e4d2c0cdc34b304f4

  • SHA1

    257eff882ff6f479696a4adbb235adf25ebe41e6

  • SHA256

    ff1ed1c599b724d4c2ec9d886e4df3f695646add801e4a792dd280b424fb79a9

  • SHA512

    63f32b8cfc72d338e479e646232a7508bfc82ffb3a5a06b273da8fb167324cabf65d5944f68c5c948a2e581673bb00f3c31a69a891b95d620e98acda466694f7

  • SSDEEP

    3072:/caqyte6LV77snHLLxtyyaXOqdPNbnhW4IxZx5kCZuubFrhU1wKKrONmM:/caBtV77snHRRY7PNNW4IxZ7zbC0rONh

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1