Sample File:
  MD5 hash: f7c18136d44ce6e56710016841ca8aa3
  SHA1 hash: 68994fa66e39ff9082f822e5a019b8bab4ec83af
  SHA256 hash: 74f9b8d8ad9cd5da148c4459560be843ee9443bf01e2bc7dff77fb333a470196
  SSDEEP hash: 3072:X7idbvXLQ666C66G666i666o666y666B66c666G66f666+666u6669p666366o60:md7XgXtwU3xvpOVKW6Q
  Filename(s): GottaCry.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  Local\SM0:3848:120:WilError_01

Registry Key IOCs:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GottaCry
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
  HKEY_LOCAL_MACHINE
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
  HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger

Domain IOCs: - None -
IP IOCs: - None -
URL IOCs: - None -

File IOCs:
  Filenames: