Overview

overview

3

Static

static

3

WannaCry2.0-main.zip

windows10-ltsc_2021-x64

1

Resubmissions

16/03/2025, 11:14

250316-nb82wsspy4 3

16/03/2025, 10:39

250316-mp3xcssks8 10

16/03/2025, 10:38

250316-mpmkdasks3 10

Analysis

  • max time kernel
    136s
  • max time network
    105s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    16/03/2025, 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WannaCry2.0-main.zip

  • Size

    3.4MB

  • MD5

    8df4da9f105c1efe0312277681ab7657

  • SHA1

    2f59ed04ceaca4a13e84edd6d176b2a6e6d6b2ff

  • SHA256

    a80032c76c5b96b652ad059098578b5afa4539c665650f2ae073b76657e889e0

  • SHA512

    7c012c8b0e123a568631777bfc87cb2f92209d3aa221ed63ef7a07ae38a039f2d63f051190043d0acddd42b75ae2d718e81ea094253fdcf7d638bc52cf767c7d

  • SSDEEP

    98304:Phvb2BVmAw0p9jIVcEj5nnZNRyA30yBSRTA:Phvq7Bu6EZnZN5EyBS6

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\WannaCry2.0-main.zip
    1⤵
      PID:1360
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /0
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2252
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
      1⤵
        PID:5192
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Modifies registry class
        PID:4624
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:936
        • C:\Program Files\7-Zip\7zG.exe
          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap24472:90:7zEvent9198
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:5056
        • C:\Program Files\7-Zip\7zG.exe
          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\WannaCry2.0-main\" -an -ai#7zMap18073:130:7zEvent10169
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3892

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\Desktop\WannaCry2.0-main\Ransomware.WannaCry.zip
          Filesize

          3.3MB

          MD5

          efe76bf09daba2c594d2bc173d9b5cf0

          SHA1

          ba5de52939cb809eae10fdbb7fac47095a9599a7

          SHA256

          707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

          SHA512

          4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

          Download Submit

        • memory/2252-2-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-1-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-0-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-12-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-11-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-10-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-9-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-8-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-7-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-6-0x000001C3E6600000-0x000001C3E6601000-memory.dmp

          Filesize

          4KB

          Download