Overview

overview

10

Static

static

10

2025-03-28...ry.exe

windows7-x64

10

2025-03-28...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2025, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-28_4c0e5c4aa3eb66907cf32b7bd869dd8f_wannacry.exe

  • Size

    1.6MB

  • MD5

    4c0e5c4aa3eb66907cf32b7bd869dd8f

  • SHA1

    2f97ad58991c727a897f4613e00d6b24a3300a85

  • SHA256

    31aa2f05a7cd0b81002336c0f0b5397415b9ee70250862f91215e2bc4bb571d8

  • SHA512

    56ddad28ad605fe95b4b8f1ea00a130db1e07e082391ce2a1c8336d4ee6f177d1d9806b8a5e200ddc2bf7319f9ba44f194cb48f52f3e9f2c689e7d9b502eea51

  • SSDEEP

    24576:T1I8mdFc9nPV3EouDm6BkNEnzC5CW78UV:OFc3C37zCyG

Score
10/10
chaosransomware

Malware Config

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 4 IoCs
  • Chaos family
    chaos
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-28_4c0e5c4aa3eb66907cf32b7bd869dd8f_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-28_4c0e5c4aa3eb66907cf32b7bd869dd8f_wannacry.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1864
    • C:\Users\Admin\AppData\Roaming\svchost.exe
      "C:\Users\Admin\AppData\Roaming\svchost.exe"
      2⤵
        PID:1780

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\svchost.exe
      Filesize

      1.6MB

      MD5

      4c0e5c4aa3eb66907cf32b7bd869dd8f

      SHA1

      2f97ad58991c727a897f4613e00d6b24a3300a85

      SHA256

      31aa2f05a7cd0b81002336c0f0b5397415b9ee70250862f91215e2bc4bb571d8

      SHA512

      56ddad28ad605fe95b4b8f1ea00a130db1e07e082391ce2a1c8336d4ee6f177d1d9806b8a5e200ddc2bf7319f9ba44f194cb48f52f3e9f2c689e7d9b502eea51

      Download Submit

    • C:\Users\Admin\AppData\Roaming\svchost.exe
      Filesize

      71KB

      MD5

      c99150fbc770e9cdbaf77a95d7b1221a

      SHA1

      578261a2789ba0f7330dd66162867f0086c0254e

      SHA256

      c26d0aad4c3f40f9c9f363f7f7d6720d4afbacb4c4a56370336c1611e477b5f7

      SHA512

      99d36816e674d9d05cfa07c5b5d3afc1d46f0275b397251b1d10fa99f4a39ceba5d4cf478ed4c6c26786e83fab670c2f12233bb5baf3dd7a4ba27b936da351de

      Download Submit

    • memory/1780-8-0x00000000000A0000-0x000000000023E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1780-10-0x000007FEF59F0000-0x000007FEF63DC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1864-0-0x000007FEF59F3000-0x000007FEF59F4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1864-1-0x0000000000DC0000-0x0000000000F5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1864-2-0x000007FEF59F0000-0x000007FEF63DC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1864-9-0x000007FEF59F0000-0x000007FEF63DC000-memory.dmp

      Filesize

      9.9MB

      Download