WannaCry Ransomware – Revisited. Behavioural and Static Analysis Techniques

One of my earlier videos covered some basic analysis of the WannaCry sample, but to be honest the video wasn't the best in terms of explaining analysis techniques and the approach I tend to use. I've been meaning to re-do the video for some time, and finally I found the time to quickly cover it. Here, I show you the general approach I take when analysing samples, using both static and dynamic techniques. I also show you some tricks for network monitoring, patching binaries to trick them into infecting you, how to uncover passwords for password-protected zip files and much more. Hopefully it's useful. If you enjoyed the video, please press like. If you loved it, please subscribe. Also, you're welcome to follow me on https://twitter.com/cybercdh Cheers!

All Comments

  • only 360p ?

    alex Hansen May 10, 2019 3:40 pm Reply
  • 360p, I guess I'm too early 😀

    Greghouse May 10, 2019 3:50 pm Reply
  • hi there, can you do Jigsaw next?

    Jade Melve-Chanley May 10, 2019 3:55 pm Reply
  • I don't have background in coding, but still your videos are always great fun. Thanks!

    Blondie TheGood May 10, 2019 4:14 pm Reply
  • de warver imfamis

    thehen101 May 10, 2019 4:31 pm Reply
  • OMG! I've missed you Colin!

    Mikael Henriksson May 10, 2019 4:51 pm Reply
  • Oh man, a new video! I guess you had a really busy past few months :p
    Thank you for keeping doing this!

    fliprabbit May 10, 2019 5:27 pm Reply
  • Great content, thanks!

    Albert Stoker May 10, 2019 7:30 pm Reply
  • Colin! It’s been so long but man your content is as great as ever

    iamismael May 10, 2019 8:32 pm Reply
  • Another great video! Thanks for the suggestion of microsoft network monitor!

    Spazzlo Spazzilo May 10, 2019 9:28 pm Reply
  • Wonderfully done as always.

    MaK aTTaK May 10, 2019 10:14 pm Reply
  • Great video, thank you – did you show how to find the key? I must have missed it

    Simpart Gaming May 11, 2019 2:10 am Reply
  • Nice work, Really appreciate your spirit of spreading knowledge.

    mheboob khan May 11, 2019 4:07 am Reply
  • awesome

    plushoom May 11, 2019 5:48 pm Reply
  • thanks sir your videos are really helpful

    Humphreys Pinto May 11, 2019 6:37 pm Reply
  • Any phobos ransomware decryption?

    firozkhan firozkhan May 12, 2019 2:15 am Reply
  • Any idea how it is spreading over the network?
    Otherwise, interesting video, thank you!

    Rachid AZGAOU May 12, 2019 6:42 am Reply
  • Great content. I have a few suggestions that I hope you would consider or shed some light on in the future:

    1- How to reverse the effect of the malware (decrypt the files), if possible
    2- How to set up a safe network between your VM and host so that the host isn't affected by malware spread on the VM
    3- First hints to look out for when checking a machine for malware (Startup etc), and how to spot a malware process/service from a Windows one on an already-infected machine if they have the same name (svchost etc)

    In case any of these have been addressed in a previous video, please help me find it, thanks.

    Mohammad Dweik May 12, 2019 7:38 pm Reply
  • Hey Colin, enjoyed the video as always. I have got a question though: at 9:48 you said there was a comparison with zero going on, but why is it comparing EDI registry with itself instead of actual 0?

    brak brak May 13, 2019 9:33 am Reply
