In our previous post we saw how the initial WannaCry executable configures the target system, creates the tasksche.exe file under the C:\WINDOWS directory and executes it with the command-line argument /i. In this post we will continue our analysis to see what this process is up to.

MD5: 84C82835A5D21BBCF75A61706D8AB549
SHA-1: 5FF465AFAABCBF0150D1A3AB2C2E74F3A4426467
FileDescription: DiskPart
OriginalFilename: …