General
-
Target
2025-03-13_4747e7b2953fb48716d483cfb0dfb6ed_wannacry
-
Size
3.4MB
-
Sample
250313-xn4glszxaz
-
MD5
4747e7b2953fb48716d483cfb0dfb6ed
-
SHA1
fd2fa5a1e60f87de718b44223b97dc5f26e74292
-
SHA256
002e3410e26547fa153aa13ccf762055778a200f8cf8bfb2386919f102bfaba7
-
SHA512
8eafcfe0baa42d7ce4d98fa736a9655c69b2ac17fc2cf60d77ac801cbe1aadfa84378ee892f19b086832eab497a854987483c02b9819217e7b1b07bfd3c7242e
-
SSDEEP
24576:0+3GXaMGYuIDYymlZlWnuVqVZ8ocZlhobsH8X56pbygqCvwsBOGVGXJeUHtFUKHu:VWnK9V4ITfVVvwYJKHF5
Behavioral task
behavioral1
Sample
2025-03-13_4747e7b2953fb48716d483cfb0dfb6ed_wannacry.exe
Resource
win7-20250207-en
Behavioral task
behavioral2
Sample
2025-03-13_4747e7b2953fb48716d483cfb0dfb6ed_wannacry.exe
Resource
win10v2004-20250313-en
Malware Config
Targets
-
-
Target
2025-03-13_4747e7b2953fb48716d483cfb0dfb6ed_wannacry
-
Size
3.4MB
-
MD5
4747e7b2953fb48716d483cfb0dfb6ed
-
SHA1
fd2fa5a1e60f87de718b44223b97dc5f26e74292
-
SHA256
002e3410e26547fa153aa13ccf762055778a200f8cf8bfb2386919f102bfaba7
-
SHA512
8eafcfe0baa42d7ce4d98fa736a9655c69b2ac17fc2cf60d77ac801cbe1aadfa84378ee892f19b086832eab497a854987483c02b9819217e7b1b07bfd3c7242e
-
SSDEEP
24576:0+3GXaMGYuIDYymlZlWnuVqVZ8ocZlhobsH8X56pbygqCvwsBOGVGXJeUHtFUKHu:VWnK9V4ITfVVvwYJKHF5
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1