Resubmissions
29-12-2024 00:20
241229-amz2gawnbx 1029-12-2024 00:17
241229-ak793awmfv 1029-12-2024 00:14
241229-ajjv3swpck 1029-12-2024 00:11
241229-agtx9swngq 1028-12-2024 23:59
241228-312fnswkct 1007-08-2024 08:26
240807-kbvmqaydrc 1007-08-2024 05:12
240807-fv9tjavhkc 1007-08-2024 04:57
240807-fla9ls1grr 1007-08-2024 04:57
240807-flayvavflh 307-08-2024 04:03
240807-emp9gstgkh 10General
-
Target
Ransomware.WannaCry.zip
-
Size
3.3MB
-
Sample
241228-312fnswkct
-
MD5
efe76bf09daba2c594d2bc173d9b5cf0
-
SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7
-
SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
-
SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029
-
SSDEEP
98304:vhvb2BVmAw0p9jIVcEj5nnZNRyA30yBSRT:vhvq7Bu6EZnZN5EyBSN
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.WannaCry.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Ransomware.WannaCry.zip
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
Ransomware.WannaCry.zip
-
Size
3.3MB
-
MD5
efe76bf09daba2c594d2bc173d9b5cf0
-
SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7
-
SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
-
SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029
-
SSDEEP
98304:vhvb2BVmAw0p9jIVcEj5nnZNRyA30yBSRT:vhvq7Bu6EZnZN5EyBSN
Score1/10 -
-
-
Target
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Wannacry family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
3Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1