wannacry | 5527e5ed8fb971e705ebfe16f68e7a1175d80bdbfa92af672223fdc556f4fa9d | Triage

Submit
Reports

Overview

overview

Static

static

66da6bd2b7...19.dll

windows7_x64

66da6bd2b7...19.dll

windows10_x64

Sharing

General

Target

66da6bd2b703134d7b74901f8a059419
Size

5.0MB
Sample

201214-ll8d54gc9s
MD5

66da6bd2b703134d7b74901f8a059419
SHA1

6ccd5843205e31b34fecdc53ca8917abe70e961c
SHA256

5527e5ed8fb971e705ebfe16f68e7a1175d80bdbfa92af672223fdc556f4fa9d
SHA512

76af3d35d378a412e9e00c0baaf9897b6cfac945107f980b8768cab90e614499d724a87de05d3a6ea1195acc1eba45cfeb9ee6871b93e672c36c56fafd1d44b2

Score

10^/10

wannacry evasion ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

66da6bd2b703134d7b74901f8a059419.dll

Resource

win7v20201028

wannacry ransomware worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

66da6bd2b703134d7b74901f8a059419.dll

Resource

win10v20201028

wannacry evasion ransomware worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  66da6bd2b703134d7b74901f8a059419
- Size
  
  5.0MB
- MD5
  
  66da6bd2b703134d7b74901f8a059419
- SHA1
  
  6ccd5843205e31b34fecdc53ca8917abe70e961c
- SHA256
  
  5527e5ed8fb971e705ebfe16f68e7a1175d80bdbfa92af672223fdc556f4fa9d
- SHA512
  
  76af3d35d378a412e9e00c0baaf9897b6cfac945107f980b8768cab90e614499d724a87de05d3a6ea1195acc1eba45cfeb9ee6871b93e672c36c56fafd1d44b2
Score

10^/10

wannacry ransomware worm evasion
- Modifies firewall policy service
  evasion
- Suspicious use of NtCreateProcessExOtherParentProcess
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacryevasionransomwareworm

© 2018-2024

Terms | Privacy