URL:

https://github.com/ytisf/theZoo/blob/master/malwares/Binaries/Ransomware.WannaCry/Ransomware.WannaCry.zip

Full analysis: https://app.any.run/tasks/e9f6757a-528a-4bed-a475-a136ff2864f0
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: December 06, 2019, 18:51:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
ransomware
wannacry
wannacryptor
Indicators:
MD5: 7B28057A910FF9DFE6698C8A2E71194D
SHA1: 2BD53EDCA876F9EB6D32A44E95B1F345004C175C
SHA256: D54214046B336D57BCEFB71B9689EBE283D6E0E028F9E5675EE969C29F249ECA
SSDEEP: 3:N8tEdsxHuJKqIEHD9KzzumLLEg7yNmmLLEg6kVn:2u6tuJKz+xKzy8HR8xVn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

    • Writes file to Word startup folder

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • WannaCry Ransomware was detected

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
      • cmd.exe (PID: 3292)
    • Modifies files in Chrome extension folder

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3528)
      • taskhsvc.exe (PID: 884)
    • Starts BCDEDIT.EXE to disable recovery

      • cmd.exe (PID: 2260)
    • Deletes shadow copies

      • cmd.exe (PID: 2260)
    • Loads the Task Scheduler COM API

      • wbengine.exe (PID: 3764)
    • Changes the autorun value in the registry

      • reg.exe (PID: 1876)
    • Actions looks like stealing of personal data

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
  • SUSPICIOUS

    • Uses ICACLS.EXE to modify access control list

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2708)
      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
      • @[email protected] (PID: 2356)
    • Uses ATTRIB.EXE to modify file attributes

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3116)
    • Creates files like Ransomware instruction

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Starts CMD.EXE for commands execution

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
      • @[email protected] (PID: 3484)
    • Creates files in the program directory

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Executed as Windows Service

      • vssvc.exe (PID: 3136)
      • vds.exe (PID: 1600)
      • wbengine.exe (PID: 3764)
    • Creates files in the Windows directory

      • wbadmin.exe (PID: 2608)
    • Creates files in the user directory

      • taskhsvc.exe (PID: 884)
      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Executed via COM

      • vdsldr.exe (PID: 3952)
      • DllHost.exe (PID: 1364)
    • Low-level read access rights to disk partition

      • wbengine.exe (PID: 3764)
      • vds.exe (PID: 1600)
    • Uses REG.EXE to modify Windows registry

      • cmd.exe (PID: 3036)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2344)
      • chrome.exe (PID: 3116)
    • Changes internet zones settings

      • iexplore.exe (PID: 2344)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3412)
      • chrome.exe (PID: 3116)
    • Reads the hosts file

      • chrome.exe (PID: 3116)
      • chrome.exe (PID: 3732)
    • Manual execution by user

      • chrome.exe (PID: 3116)
      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
      • WINWORD.EXE (PID: 1448)
      • NOTEPAD.EXE (PID: 284)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3412)
    • Dropped object may contain TOR URL's

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Dropped object may contain URL to Tor Browser

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
    • Dropped object may contain Bitcoin addresses

      • ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (PID: 1952)
      • taskhsvc.exe (PID: 884)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 1448)
    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 1448)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 128
Monitored processes: 74
Malicious processes: 6
Suspicious processes: 2

Behavior graph

Interactive process graph (not reproduced here). Processes shown, in order of appearance: iexplore.exe, chrome.exe (with many child chrome.exe processes), winrar.exe, ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe (tagged #WANNACRY), attrib.exe, icacls.exe, taskdl.exe, cmd.exe, @[email protected] (tagged #WANNACRY), taskhsvc.exe, searchprotocolhost.exe, vssadmin.exe, vssvc.exe, wmic.exe, bcdedit.exe, wbadmin.exe, wbengine.exe, vdsldr.exe, vds.exe, reg.exe, PhotoViewer.dll, winword.exe, notepad.exe, followed by repeated taskdl.exe / @[email protected] launches.

Process information

PID: 2344
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://github.com/ytisf/theZoo/blob/master/malwares/Binaries/Ransomware.WannaCry/Ransomware.WannaCry.zip"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3412
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2344 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3116
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 784
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6d08a9d0,0x6d08a9e0,0x6d08a9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3880
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1152 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2580
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,268079056983458721,8618855842997347449,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4907777641121800594 --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 3732
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=988,268079056983458721,8618855842997347449,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=10720915943137373022 --mojo-platform-channel-handle=1628 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2880
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,268079056983458721,8618855842997347449,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3664205051043644646 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2452
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,268079056983458721,8618855842997347449,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14899759615657957837 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 3308
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,268079056983458721,8618855842997347449,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9399260981605679960 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Total events: 3 243
Read events: 2 771
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 18
Suspicious files: 602
Text files: 767
Unknown types: 32

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2344 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | | |
2344 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | D779F6D5E069EA8C752D1E2C262CC12B | 80647E9754E7C65D8A57A7789648503AA94F137BC85356419E0C94A16E8CF583
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9XLSEPHU\background_gradient[1] | image | 20F0110ED5E4E0D5384A496E4880139B | 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 5B62C13D97D3E9A8A72D46CA5136DCAB | 4F053C5055E702BB748E9931D4931CC3474C241F98C488FD3D9F49D2B0DDB238
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DBN4S1BV\down[1] | image | 555E83CE7F5D280D7454AF334571FB25 | 70F316A5492848BB8242D49539468830B353DDAA850964DB4E60A6D2D7DB4880
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OG676XUP\favcenter[1] | image | 25D76EE5FB5B890F2CC022D94A42FE19 | 07D07A467E4988D3C377ACD6DC9E53ABCA6B64E8FBF70F6BE19D795A1619289B
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DBN4S1BV\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
2344 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
3412 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OG676XUP\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 52
DNS requests: 33
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3732 | chrome.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted
3732 | chrome.exe | GET | 200 | 74.125.155.199:80 | http://r1---sn-p5qs7n7z.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=85.203.20.5&mm=28&mn=sn-p5qs7n7z&ms=nvh&mt=1575658165&mv=m&mvi=0&pl=24&shardbypass=yes | US | crx | 293 Kb | whitelisted
3732 | chrome.exe | GET | 302 | 172.217.22.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 512 b | whitelisted
3732 | chrome.exe | GET | 200 | 173.194.7.57:80 | http://r3---sn-p5qlsnsr.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=85.203.20.5&mm=28&mn=sn-p5qlsnsr&ms=nvh&mt=1575658165&mv=m&mvi=2&pl=24&shardbypass=yes | US | crx | 862 Kb | whitelisted
3732 | chrome.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAoGMEJ%2FW7ztaVc5ZZO2RR8%3D | US | der | 471 b | whitelisted
3732 | chrome.exe | GET | 302 | 172.217.22.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 507 b | whitelisted
2344 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3412 | iexplore.exe | 140.82.118.3:443 | github.com | | US | malicious
3732 | chrome.exe | 172.217.18.99:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 172.217.22.67:443 | www.google.com.ua | Google Inc. | US | whitelisted
3732 | chrome.exe | 172.217.18.110:443 | apis.google.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 172.217.22.35:443 | www.gstatic.com | Google Inc. | US | whitelisted
2344 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3732 | chrome.exe | 172.217.22.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 172.217.23.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 216.58.207.77:443 | accounts.google.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 216.58.210.14:443 | clients2.google.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
github.com | 140.82.118.3 | shared
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
clientservices.googleapis.com | 172.217.18.99 | whitelisted
accounts.google.com | 216.58.207.77 | shared
www.google.com.ua | 172.217.22.67 | whitelisted
fonts.googleapis.com | 172.217.23.138 | whitelisted
www.gstatic.com | 172.217.22.35 | whitelisted
fonts.gstatic.com | 172.217.22.3 | whitelisted
apis.google.com | 172.217.18.110 | whitelisted
ogs.google.com | 172.217.18.14 | whitelisted

Threats

PID | Process | Class | Message
884 | taskhsvc.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 118
884 | taskhsvc.exe | Misc activity | ET POLICY TLS possible TOR SSL traffic
884 | taskhsvc.exe | Misc activity | ET POLICY TLS possible TOR SSL traffic
884 | taskhsvc.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] TOR SSL connection
884 | taskhsvc.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 22
884 | taskhsvc.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 555
884 | taskhsvc.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 98
884 | taskhsvc.exe | Misc activity | ET POLICY TLS possible TOR SSL traffic
884 | taskhsvc.exe | Misc activity | ET POLICY TLS possible TOR SSL traffic
884 | taskhsvc.exe | Misc activity | ET POLICY TLS possible TOR SSL traffic
No debug info