Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-01-2025 02:43

General

  • Target

    2025-01-16_a4aabf7da31774b54d65373e3364fe3c_wannacry.exe

  • Size

    3.6MB

  • MD5

    a4aabf7da31774b54d65373e3364fe3c

  • SHA1

    c810d1e778877cfef64e3da1d15cc09ad73ffc1a

  • SHA256

    df5ad668b846ad5a7e12bb165bebd8688328e5f8fe12744bbf19bd119cec0221

  • SHA512

    728c9518e6bfbb999117cdef4f3d892505d743d8350d5f2a26c1ae339b0cc14c339481d387fba35e99aded8065f4d08af71ed523c1fb4585cf8f26d18c9a0c4d

  • SSDEEP

    49152:XnAQqMSPbcBVQKxJM0H9PAMEcaEau3R8yAH1plAH:XDqPoBHxWa9P593R8yAVp2H

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3195) number of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-16_a4aabf7da31774b54d65373e3364fe3c_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-16_a4aabf7da31774b54d65373e3364fe3c_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2296
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:564
  • C:\Users\Admin\AppData\Local\Temp\2025-01-16_a4aabf7da31774b54d65373e3364fe3c_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2025-01-16_a4aabf7da31774b54d65373e3364fe3c_wannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    939f68fc954012fadc388bde86f15690

    SHA1

    6a98ba0cdca755b8ad9f61e71d94e0f1f336ea0e

    SHA256

    32d39e7a149a1a9783596b4c14a9f48e6415d1814cafac6fa1fdcf63c356d260

    SHA512

    a65ac5ab0e1af9c6e0671e99ccfa20801db2a6acb191f6f619d67697367a66261773d8263164b667025d4168c03f1e906555aac72599d0cfba7ac9d6f96c8dfe