Extracted

• • Target

    sample

  • Size

    116KB

  • MD5

    fbf5933cf51c8cc5be007d51503f767b

  • SHA1

    8f95fd5cb6f2801e05170485816bb62b3d270489

  • SHA256

    387ad2ce662701bf47e2d32efe60e3e0dd1427589a04c6919d3b6673606f6e5d

  • SHA512

    072cd3f67c00f974f338e85c950464b882e8018ec258a6e83f4582308c43ab9b71f34d966924b650e6ba113587d6a33b508a349ab94d13d9da7e3ae6caafd724

  • SSDEEP

    1536:agzgeAZdGZ/X7PtkGpSlqKquBKquBKquBKquXbQQEMiAO6CIsdBGi9+p6ljx/0:PUGZ/XJkGslybQPnI6GQo6lJ0

  Score

  10^/10

  discoveryphishingwannacrydefense_evasionexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Downloads MZ/PE file

  • A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png

    phishing

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2