Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-01-2025 21:53

General

  • Target

    d907672759069af4824b0354e9170285.dll

  • Size

    5.0MB

  • MD5

    d907672759069af4824b0354e9170285

  • SHA1

    d995544a19032e9cebdd6d76c03580a89bd7a330

  • SHA256

    4ad2a09b3c99f31faf5f46b2298dcf2e9c5b84a96732bffea2fcf4e2c2aa791e

  • SHA512

    4b95745fd90589bc154ca7a22bd5dd625332d0f7bf9a87db198e8253012871b7fb108793d7372658515ad2b4cdd12c5047ff06120d43c1de673e8e3b6d5ad6bd

  • SSDEEP

    49152:RnVENPbcBVQej/1INRx+TSqTdX1HkQo6SAA:1VOoBhz1aRxcSUDk36SA

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3282) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 3 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d907672759069af4824b0354e9170285.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d907672759069af4824b0354e9170285.dll,#1
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3880
      • C:\WINDOWS\mssecsvr.exe
        C:\WINDOWS\mssecsvr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1488
        • C:\WINDOWS\tasksche.exe
          C:\WINDOWS\tasksche.exe /i
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2432
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 596
            5⤵
            • Program crash
            PID:4744
  • C:\WINDOWS\mssecsvr.exe
    C:\WINDOWS\mssecsvr.exe -m security
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:1136
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2432 -ip 2432
    1⤵
      PID:3440

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\mssecsvr.exe

      Filesize

      2.2MB

      MD5

      b15fb425b628062a7bb0f11dbaecf4ac

      SHA1

      016ebb19fb4a8d125867d63faa200e77df1273e7

      SHA256

      ebe31fd906bdf28945926cee334266abd14c7a81390c13867d1abfdc1dc8f540

      SHA512

      0db0b74354a5444d0a6134faa4dde79750ac110fee116235b5bb908988868f171b63966d5e2acb28319ea2138880777f284515520a5d1a945c163e35db98ef4c

    • C:\Windows\tasksche.exe

      Filesize

      2.0MB

      MD5

      41c0e22d28973f312de789c027e61d0c

      SHA1

      193f7413961324eda1f3f8cd0f6010fcb73028ec

      SHA256

      282afb52e37bfb69d3016e1bb99e11aa9d6d9cb7759ba02279e44eeb9f504a9b

      SHA512

      d4196d39077e6f7ad8e402762fad33b3ce74558fd8c34b412dda96a118bb421927cec5816c6d5728de79288dfeccba066630211043b35c16c1a165a4bec19a37