General
- Target: Main (1).lua
- Size: 354B
- Sample: 250127-tb73gswke1
- MD5: 865f8163347ffdcc10d9bd9d80b586eb
- SHA1: a7bcd3a55d45a6cdd4d0cca5b185a41baca3cdc2
- SHA256: d55d493a2557246903f0faad635df8f6d286589a037c6e6cb467a3f67d584d26
- SHA512: 535de35dbb763c10d328bc3fc673ed7bfa672e29edbf5380adc3e34585dab5295a795f6594cfcee88201a0e9f55f1eca4c611842b8a7eaad4a57ad4f7dc1153e
Static task
- static1
Behavioral tasks
- behavioral1: Sample Main (1).lua, Resource win10v2004-20241007-en
- behavioral2: Sample Main (1).lua, Resource win10ltsc2021-20250113-en
- behavioral3: Sample Main (1).lua, Resource win11-20241007-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry.zip\@[email protected]
- Family: wannacry
- Wallet: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
- Target: Main (1).lua
- Size: 354B
- MD5: 865f8163347ffdcc10d9bd9d80b586eb
- SHA1: a7bcd3a55d45a6cdd4d0cca5b185a41baca3cdc2
- SHA256: d55d493a2557246903f0faad635df8f6d286589a037c6e6cb467a3f67d584d26
- SHA512: 535de35dbb763c10d328bc3fc673ed7bfa672e29edbf5380adc3e34585dab5295a795f6594cfcee88201a0e9f55f1eca4c611842b8a7eaad4a57ad4f7dc1153e
- Wannacry family
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
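The signature list above names behaviours but does not show how a triage pipeline recognises them from raw events. The script below is an added example, not code from this report or from the sandbox that produced it: it replays constructed Sysmon-style events (IDs 1, 7, 11, 13) and fires the same signature names the report uses. The command-line patterns it looks for (vssadmin/wmic/bcdedit/wbadmin for shadow copies, icacls/cacls/takeown for permissions, attrib +h for hiding) and the sample events are assumptions about how those behaviours usually manifest; none of those details appear in the report.

```python
import re
from typing import Dict, Iterable, List

# Constructed Sysmon-style events, not data taken from this report. Event IDs
# follow Sysmon: 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryValueSet.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 11, "TargetFilename": TEMP + r"\payload.exe"},
    {"EventID": 11, "TargetFilename": TEMP + r"\helper.dll"},
    {"EventID": 1, "Image": TEMP + r"\payload.exe", "CommandLine": TEMP + r"\payload.exe"},
    {"EventID": 7, "Image": TEMP + r"\payload.exe", "ImageLoaded": TEMP + r"\helper.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"EventID": 1, "Image": r"C:\Windows\System32\icacls.exe",
     "CommandLine": "icacls . /grant Everyone:F /T /C /Q"},
    {"EventID": 1, "Image": r"C:\Windows\System32\attrib.exe", "CommandLine": "attrib +h ."},
    {"EventID": 13, "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\payload",
     "Details": TEMP + r"\payload.exe"},
    {"EventID": 13, "TargetObject": SID + r"\Control Panel\Desktop\Wallpaper",
     "Details": TEMP + r"\wallpaper.bmp"},
    {"EventID": 11, "TargetFilename": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
                                      r"\Start Menu\Programs\Startup\payload.lnk"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe readme.txt"},
]

# Assumed command-line and registry patterns behind each signature (not from the report).
SHADOW_COPY_RE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows"
    r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
    r"|bcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no"
    r"|wbadmin(?:\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)
FILE_PERMS_RE = re.compile(r"\b(?:icacls|cacls|takeown)(?:\.exe)?\b", re.IGNORECASE)
HIDE_FILES_RE = re.compile(r"\battrib(?:\.exe)?\b.*\+h\b", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
WALLPAPER_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


def triage(events: Iterable[dict]) -> Dict[str, List[int]]:
    """Map signature names to the indices of the events that fired them.

    Single-event rules match on one command line or registry path. The
    'dropped' rules are stateful: files written earlier in the trace are
    remembered so that executing or loading one of them is distinguished
    from running a binary that already existed on the system.
    """
    hits: Dict[str, List[int]] = {}
    dropped = set()  # lower-cased paths written by the sample so far

    def flag(name: str, idx: int) -> None:
        hits.setdefault(name, []).append(idx)

    for idx, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 11:  # FileCreate
            path = ev.get("TargetFilename", "")
            dropped.add(path.lower())
            if STARTUP_DIR_RE.search(path):
                flag("Drops startup file", idx)
        elif eid == 1:  # ProcessCreate
            cmd = ev.get("CommandLine", "")
            if ev.get("Image", "").lower() in dropped:
                flag("Executes dropped EXE", idx)
            if SHADOW_COPY_RE.search(cmd):
                flag("Deletes shadow copies", idx)
            if FILE_PERMS_RE.search(cmd):
                flag("Modifies file permissions", idx)
            if HIDE_FILES_RE.search(cmd):
                flag("Hidden Files and Directories", idx)
        elif eid == 7:  # ImageLoad
            if ev.get("ImageLoaded", "").lower() in dropped:
                flag("Loads dropped DLL", idx)
        elif eid == 13:  # RegistryValueSet
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                flag("Adds Run key to start application", idx)
            if WALLPAPER_RE.search(target):
                flag("Sets desktop wallpaper using registry", idx)
    return hits


if __name__ == "__main__":
    for name, idxs in triage(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
```

The dropped-file state is the part worth copying: without it, "Executes dropped EXE" and "Loads dropped DLL" collapse into ordinary process-create and image-load noise, and the chain from the archive extraction path in the Malware Config section to the executed payload is lost.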
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (3)