Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/04/2025, 11:39

General

  • Target

    2025-04-21_654c77eabb35b39d942e5cbce63bfc66_elex_wannacry.exe

  • Size

    3.6MB

  • MD5

    654c77eabb35b39d942e5cbce63bfc66

  • SHA1

    82c99a1342c367b0583c518a2987d550a50b9ca6

  • SHA256

    520ee8041c541271f208c206215851a4a0bc74c96f9a09c150389362cbacdb24

  • SHA512

    c7899800533a4ad0b68fec8f5ea469031d28d1cca4ba5f5a59278442ac19659b12c4a9c1231f4ac7382511e405cb70e9c0e7ef7b1a30f73cdf0d7331158d6e50

  • SSDEEP

    98304:yDqPoB2z1aRxcSUDk36SAEdhvxWa9C593R8yAVp2:yDqP11Cxcxk3ZAEUa0zR8yc4

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Wannacry family
  • Contacts a large (3293) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-21_654c77eabb35b39d942e5cbce63bfc66_elex_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-21_654c77eabb35b39d942e5cbce63bfc66_elex_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2836
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:5336
  • C:\Users\Admin\AppData\Local\Temp\2025-04-21_654c77eabb35b39d942e5cbce63bfc66_elex_wannacry.exe
    C:\Users\Admin\AppData\Local\Temp\2025-04-21_654c77eabb35b39d942e5cbce63bfc66_elex_wannacry.exe -m security
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:4840

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    deb98080a489989d6e5db3a9faf496d1

    SHA1

    70fb4264d4fefe40ed70f3bdd609e11b84583b85

    SHA256

    54c7053f0dd9af0fde6e0967412813fab7b091bf79dabe03308602f6db05b1b4

    SHA512

    27b452f5c6c25e3d2ef27add07e14aa74bd88cb206fea134d9abafbdea5ae43c4b7830bbf4cd06565c2821c1d7b6db003e04ba0544133e4e0113612157f6abf4