Overview

overview

10

Static

static

3

202407041f...ry.exe

windows7-x64

10

202407041f...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    04-07-2024 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    202407041f132682160c33b85bc32f280b2ce70cwannacry.exe

  • Size

    5.0MB

  • MD5

    1f132682160c33b85bc32f280b2ce70c

  • SHA1

    47666b3d473c5529ba76951a1f749f01b6e1ceb5

  • SHA256

    0136e271dc5aa1c134738a0eedb6bb662a0b7d45697d964d38af4c117d3c5f65

  • SHA512

    3c6d229b4be308fd6788072c202b42e06fbe92c4777ffd241f47b91e36b7c4d285cab7cfe7160cb7b3cba6b9115704dac054e0edfd5648854d6d0832c5189d94

  • SSDEEP

    49152:VnjQWKUacBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:Z8IfBhz1aRxcSUDk36SAEdhv

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (3103) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\202407041f132682160c33b85bc32f280b2ce70cwannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\202407041f132682160c33b85bc32f280b2ce70cwannacry.exe"
    1⤵
    • Drops file in Windows directory
    PID:2236
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:1892
  • C:\Users\Admin\AppData\Local\Temp\202407041f132682160c33b85bc32f280b2ce70cwannacry.exe
    C:\Users\Admin\AppData\Local\Temp\202407041f132682160c33b85bc32f280b2ce70cwannacry.exe -m security
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2184

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tasksche.exe
    Filesize

    3.4MB

    MD5

    e137dadbaba64454a258e8f6f914dad4

    SHA1

    a039e8110d1a9b8209a49e12b2bafbcb2f117091

    SHA256

    ba0d9257fbda935cf006187d932aa839ad0985292e9ff0eb3ddad40d24cba26d

    SHA512

    78ad08ad991e5d70cdd682cba522ee1f907a671114f8dba3443f740d6b7d8cda72c1068e994be30869fd42ba9e21b663341e7f30e9d948bdbc0a98de08c42478

    Download Submit