wannacry | b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5 | Triage

Submit
Reports

Overview

overview

Static

static

b16646ff78...f5.dll

windows7_x64

b16646ff78...f5.dll

windows10_x64

Sharing

General

Target

b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5
Size

5.0MB
Sample

210515-3632ytqv8s
MD5

17464a712d66c4dc954e392394f920dd
SHA1

45fd965dc3e2a325c1f132f1f30e38ce1d89d44e
SHA256

b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5
SHA512

fc97ea8fc0f99c1f15673f2e3d01f39db44f3c5cf35e82b4baca1b503a2684688830d30cc73345b816ddc10ce870c2f69471765630a37ccb843afd352eb3f7d2

Score

10^/10

wannacry evasion ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5.dll

Resource

win7v20210408

wannacry ransomware worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5.dll

Resource

win10v20210410

wannacry evasion ransomware worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5
- Size
  
  5.0MB
- MD5
  
  17464a712d66c4dc954e392394f920dd
- SHA1
  
  45fd965dc3e2a325c1f132f1f30e38ce1d89d44e
- SHA256
  
  b16646ff78586a4be0c309470413db9f9317a1f1548c8482af802d9273e69ef5
- SHA512
  
  fc97ea8fc0f99c1f15673f2e3d01f39db44f3c5cf35e82b4baca1b503a2684688830d30cc73345b816ddc10ce870c2f69471765630a37ccb843afd352eb3f7d2
Score

10^/10

wannacry ransomware worm evasion
- Modifies firewall policy service
  evasion
- Suspicious use of NtCreateProcessExOtherParentProcess
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacryevasionransomwareworm

© 2018-2024

Terms | Privacy