WCry/WanaCry ransomware technical analysis
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Malware - T1587.001; Malware - T1588.001; Server - T1583.004; Server - T1584.004; Service Execution - T1569.002; Software - T1592.002; New Service - T1050; Service Execution - T1035 |
Common Information
Type | Value |
---|---|
UUID | 8d88b773-eead-4b9a-8896-d7cb1e74b9ff |
Fingerprint | a420903165250682 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | May 14, 2017, 4 p.m. |
Added to db | Jan. 18, 2023, 11:08 p.m. |
Last updated | Nov. 17, 2024, 6:54 p.m. |
Headline | WCry/WanaCry ransomware technical analysis |
Title | WCry/WanaCry ransomware technical analysis |
Detected Hints/Tags/Attributes | 82/2/36 |
Attributes