AkashRaghavendraHV/WannaCry-Malware-Analysis
# WannaCry Malware Analysis
## Overview
This project presents a comprehensive static and dynamic analysis of the WannaCry ransomware sample.
The analysis was performed in an isolated malware analysis lab environment using:
- FLOSS
- PEStudio
- PE Bear
- Procmon
- TCPView
- Wireshark
- VirusTotal
## Objectives
- Analyze file metadata
- Extract strings
- Identify suspicious imports
- Monitor process creation
- Observe network communications
- Study ransomware behavior
## Key Findings
### Static Analysis
- Embedded executable in resources
- SMB-related strings
- CryptoAPI imports
- Service creation functions
### Dynamic Analysis
- Creates hidden directories
- Drops multiple payloads
- Uses Tor communication
- Attempts SMB propagation
- Encrypts victim files
## Indicators of Compromise
### Domain
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
### Files
- tasksche.exe
- taskhsvc.exe
- @WanaDecryptor@.exe
### Service
mssecsvc2.0
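
An added example, not part of the original project: a Python sweep that checks event records against the indicators listed above, normalising case, URL scheme, trailing dots and Windows paths before comparing. The event schema, the sample paths, and the choice to treat the bare domain and its subdomains as the same indicator are assumptions.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# IoC values copied from the "Indicators of Compromise" section above.
IOC_URL = "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
IOC_FILES = {"tasksche.exe", "taskhsvc.exe", "@wanadecryptor@.exe"}
IOC_SERVICES = {"mssecsvc2.0"}

def _host(value):
    """Lower-cased host from a URL or bare name, minus trailing dot and 'www.'."""
    value = value.strip().lower()
    host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host

IOC_HOST = _host(IOC_URL)

def match_event(event):
    """Return the IoC category an event hits ('domain', 'file', 'service') or None."""
    kind, value = event.get("type"), event.get("value", "")
    if kind == "dns":
        host = _host(value)
        # Exact host or a subdomain of it (assumption); never a substring match.
        if host == IOC_HOST or host.endswith("." + IOC_HOST):
            return "domain"
    elif kind == "file":
        # Compare the file name only, case-insensitively (Windows semantics).
        if PureWindowsPath(value).name.lower() in IOC_FILES:
            return "file"
    elif kind == "service" and value.strip().lower() in IOC_SERVICES:
        return "service"
    return None

def sweep(events):
    """Return (index, category) for every event that matches an IoC."""
    return [(i, hit) for i, e in enumerate(events) if (hit := match_event(e))]

# Constructed sample events (hypothetical schema and paths, not real telemetry).
SAMPLE_EVENTS = [
    {"type": "dns", "value": "WWW.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com."},
    {"type": "dns", "value": "example.com"},
    {"type": "file", "value": r"C:\Lab\Sample\TASKSCHE.EXE"},
    {"type": "file", "value": r"C:\Lab\Sample\tasksche.exe.bak"},
    {"type": "service", "value": "mssecsvc2.0"},
    {"type": "file", "value": r"C:\Users\analyst\Desktop\@WanaDecryptor@.exe"},
]

if __name__ == "__main__":
    print(sweep(SAMPLE_EVENTS))
```

File-name matches are low-confidence on their own and are best correlated with the service or domain hit on the same host.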
## Disclaimer
This project is intended solely for educational and research purposes.
No malware binaries are distributed.