Extracted

• • Target

    NBFD-fabric-1.1.jar

  • Size

    4KB

  • MD5

    79eb607bb56a4aa11e7ae4efe7723ef2

  • SHA1

    73868f01bcf1306c62c4a26448d2433e1abd55ff

  • SHA256

    1824e40164005f433dbafb13e77ac0152a1992866c5e5ade502bfe1155ab4228

  • SHA512

    baf5da6510c80b7201326fefc910e5641b8f9ab0fc118d9bc19326e88b35e2866b33ec36c0f85a6361d9f5757eec73dc78b16492b0aac2c4ca9ceb934e24addf

  • SSDEEP

    96:tBMnAYMkg1NHXrwjslW2eJu6Vx+Y8Qx44V94ft//jMd6C:wnOrOgu72t/L26C

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1