Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-01-2025 12:52

General

  • Target

    2025-01-17_2ceb24afa6d55763092d09c55b7b9118_wannacry.exe

  • Size

    5.0MB

  • MD5

    2ceb24afa6d55763092d09c55b7b9118

  • SHA1

    ca7cebd8d729d2944545042365983c0ee16fc45d

  • SHA256

    88c726f5f1aaa2aa0b3e3414006d874b794ce1f19680b1d2e08f8289ee5a6835

  • SHA512

    73f0d14f8a255b8f08a043177d362df4e9ee3df977a823a9c034d8ed592db3be470d92790e8ec6f4fcc0144ca76838f810e8ecc88082eefd80635da748bc8174

  • SSDEEP

    12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+:2bLgddQhfdmMSirYbcMNgef0

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3302) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-17_2ceb24afa6d55763092d09c55b7b9118_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-17_2ceb24afa6d55763092d09c55b7b9118_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2628
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:3908
  • C:\Users\Admin\AppData\Local\Temp\2025-01-17_2ceb24afa6d55763092d09c55b7b9118_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2025-01-17_2ceb24afa6d55763092d09c55b7b9118_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:4692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    70e2a2b3a0bd1e217b2f6039f9d411d8

    SHA1

    29fc4056c5a42901c473d8e5974104265e13868f

    SHA256

    97d5a88f68a9f74800f2c070fb1484ba1796e9cd31fe93824a8e2e39bc930291

    SHA512

    0cc2726f4f627cad46e6db2f0568bb823c56f37c3019533dd8b4fb3dc50407cef63621eec75a67e60401990a25de1932aba7dba21e8d7911545b4db9637d131d