Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-12-2024 13:06

General

  • Target

    2024-12-19_f2444bbfb11470d903fbb4ca85152b63_wannacry.exe

  • Size

    5.0MB

  • MD5

    f2444bbfb11470d903fbb4ca85152b63

  • SHA1

    43b7ed08819330f3ea8432dbf42ab5d26f2f3128

  • SHA256

    64e0d0a437cfca87dc88e4b04a0b2febc09b13900939a1c222412471d56e5c41

  • SHA512

    bb86e443a7228c1d0ddc263b512cdfd40aba2ddd0218d67ee81f590e8a07e8d9976aa6417f76f6f2cfd46d3b1df0fa22176edbcf9b66d708552492c398c57976

  • SSDEEP

    6144:GE9l9yNqIYVTH5DgSg8ajldktM0XXrs2QhMV9qbBLIwYQuy8DLq1e:GwbLgPluxQhMbaIMu7L5

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3271) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-19_f2444bbfb11470d903fbb4ca85152b63_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-19_f2444bbfb11470d903fbb4ca85152b63_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:1812
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:3688
  • C:\Users\Admin\AppData\Local\Temp\2024-12-19_f2444bbfb11470d903fbb4ca85152b63_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2024-12-19_f2444bbfb11470d903fbb4ca85152b63_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    813326172ece708d6cb1632263101d73

    SHA1

    b74cffde7145c173682d5dc7d7ea1a33fb843c52

    SHA256

    c921a5b8fe4c684df9a255cb8ad5467cb41219446cb31d08c1d2f84eee8aeed2

    SHA512

    d7ec2ccd083af2771ecef42a705280929db15f883a02485eb9a7c82259001a4b13bfcbafb5a8524dbac1ebd875bbbfa3b185a159024001790ca053ed77649a7a