General
-
Target
2025-01-25_87ed765171e1a1bcad9a331bfa094360_wannacry
-
Size
619KB
-
Sample
250125-xh1hrswmgv
-
MD5
87ed765171e1a1bcad9a331bfa094360
-
SHA1
7db04b4b6e6f6246ab830367996e3a2ccfa0799f
-
SHA256
441c1aa1a603a4f77a118d5469ff8a6f8346b7f3225cbba7f3f726ec734aeb5c
-
SHA512
17af72c21461e97e274e6178b92d84c94c41cedcd4a8f46edd47e08482bcc32dd40eed4dc7f466392b57ed3cc5a22d61ff078ebfdc18e82e943c7b7faf2f1541
-
SSDEEP
12288:u+dknyzlV0tt5IbDEylitqURFiUq1wWmCdZ75UJTAEXNwcyvoKe47H:lsDTYDJRW
Behavioral task
behavioral1
Sample
2025-01-25_87ed765171e1a1bcad9a331bfa094360_wannacry.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2025-01-25_87ed765171e1a1bcad9a331bfa094360_wannacry.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
2025-01-25_87ed765171e1a1bcad9a331bfa094360_wannacry
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access: 1
Indicator Removal: 3
File Deletion: 3
Modify Registry: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1