wannacry | d14e01c6a99c69afe3fa4da43eaac290883dfa239b3c3956207b9981bd92f8d3 | Triage

Sharing

General

Target

d14e01c6a99c69afe3fa4da43eaac290883dfa239b3c3956207b9981bd92f8d3
Size

42KB
Sample

210515-3pnzwkvere
MD5

bc63a811632e3900a5100c330ef85399
SHA1

ba46b87f0671ea3f5f38450a50840d983482e005
SHA256

d14e01c6a99c69afe3fa4da43eaac290883dfa239b3c3956207b9981bd92f8d3
SHA512

a532e0afee9b6ed54bbaa27a4f4ec941c4368397ccc36b129fd50478603215bdb3ba357b9811bd894dbe9f170d27426a81d458776320e7b99f3788f34f193db4

Score

10^/10

wannacry persistence ransomware worm

Malware Config

Targets

- Target
  
  d14e01c6a99c69afe3fa4da43eaac290883dfa239b3c3956207b9981bd92f8d3
- Size
  
  42KB
- MD5
  
  bc63a811632e3900a5100c330ef85399
- SHA1
  
  ba46b87f0671ea3f5f38450a50840d983482e005
- SHA256
  
  d14e01c6a99c69afe3fa4da43eaac290883dfa239b3c3956207b9981bd92f8d3
- SHA512
  
  a532e0afee9b6ed54bbaa27a4f4ec941c4368397ccc36b129fd50478603215bdb3ba357b9811bd894dbe9f170d27426a81d458776320e7b99f3788f34f193db4
Score

10^/10

wannacry ransomware worm persistence
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2