Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250129-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-02-2025 17:53

General

  • Target

    2025-02-01_ebe613da13b17d64516bb6c4cc57ab29_wannacry.exe

  • Size

    5.0MB

  • MD5

    ebe613da13b17d64516bb6c4cc57ab29

  • SHA1

    efd440e69f1edad195b406122677da20481fc0cc

  • SHA256

    dc4c2916487c6ea6f057535f5a2ed16e36106694c8c17d2e70f1eaaeeb6e995b

  • SHA512

    64e6de99f19cea0b8bfe936f197657896fae08a8b5856574bf6a4be434d780ea3cb68385c352e90f692d83d82405a0b2ce805049760d316a9fe34bb419f823be

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA7rz4or:yDqPoBhz1aRxcSUDk36SAerdr

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3108) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-01_ebe613da13b17d64516bb6c4cc57ab29_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-01_ebe613da13b17d64516bb6c4cc57ab29_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:3004
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:868
  • C:\Users\Admin\AppData\Local\Temp\2025-02-01_ebe613da13b17d64516bb6c4cc57ab29_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2025-02-01_ebe613da13b17d64516bb6c4cc57ab29_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:4076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    23dfea040171643faf118130c9f66514

    SHA1

    e47d77b74114b0427b6a674a357b9df6a9afe231

    SHA256

    262a2c43808c6a08057b7e70ebe3d6665691b4873f98609205655cf3a08c64d6

    SHA512

    4dd0ffd23272f713f0d461dcb577c8a3d184b93d14f9a5612d0a5e55c1eb32ccf9e63831c61e8ad63ac1e092d3223114a11f797c10bac97d75ed40cf7f7bde68