Source: Yara match | File source: THN6clTA6P.exe, type: SAMPLE |
Source: Yara match | File source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000001.00000002.265600976.000000000040F000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000000.262463921.000000000040F000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: THN6clTA6P.exe PID: 2996, type: MEMORYSTR |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT) |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 1.2.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: 1.2.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 1.2.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT) |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 1.2.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: 1.2.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 1.2.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 1.0.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: 1.0.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 1.0.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 1.0.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: 1.0.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 1.0.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly) |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT) |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry Author: ReversingLabs |
Source: 00000001.00000000.262558061.0000000000710000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: 00000001.00000002.265724046.0000000000710000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: THN6clTA6P.exe, type: SAMPLE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.2.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: 1.2.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 1.2.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 1.0.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.2.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: 1.2.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 1.2.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.0.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: 1.0.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 1.0.THN6clTA6P.exe.7100a4.1.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.0.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: 1.0.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 1.0.THN6clTA6P.exe.7100a4.1.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 1.2.THN6clTA6P.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_WannaCry tc_detection_name = WannaCry, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000001.00000000.262558061.0000000000710000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: 00000001.00000002.265724046.0000000000710000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set |
Source: C:\Users\user\Desktop\THN6clTA6P.exe | Code function: 1_2_00407CE0 InternetCloseHandle,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FindResourceA,LoadResource,LockResource,SizeofResource,sprintf,sprintf,sprintf,MoveFileExA, |
Source: C:\Users\user\Desktop\THN6clTA6P.exe | Code function: GetAdaptersInfo,LocalAlloc,GetAdaptersInfo,LocalFree,inet_addr,inet_addr,inet_addr,htonl,htonl,htonl,htonl,GetPerAdapterInfo,LocalAlloc,GetPerAdapterInfo,inet_addr,htonl,htonl,htonl,htonl,LocalFree,LocalFree, |