wannacry | 55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3 | Triage

Submit
Reports

Overview

overview

Static

static

55504677f8...e3.dll

windows7_x64

55504677f8...e3.dll

windows10-2004_x64

Sharing

General

Target

55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3
Size

5.0MB
Sample

220201-he4npaacan
MD5

30fe2f9a048d7a734c8d9233f64810ba
SHA1

2027a053de21bd5c783c3f823ed1d36966780ed4
SHA256

55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3
SHA512

b657b02506f768db3255293b0c86452b4dfdd30804629c323aaa9510a3b637b0906e5963179ef7d4aaedc14646f2be2b4292e6584a6c55c6ddb596cff7f20e2a

Score

10^/10

wannacry persistence ransomware suricata worm

Static task

static1

Behavioral task

behavioral1

Sample

55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3.dll

Resource

win7-en-20211208

wannacry ransomware suricata worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3.dll

Resource

win10v2004-en-20220113

wannacry persistence ransomware suricata worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3
- Size
  
  5.0MB
- MD5
  
  30fe2f9a048d7a734c8d9233f64810ba
- SHA1
  
  2027a053de21bd5c783c3f823ed1d36966780ed4
- SHA256
  
  55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3
- SHA512
  
  b657b02506f768db3255293b0c86452b4dfdd30804629c323aaa9510a3b637b0906e5963179ef7d4aaedc14646f2be2b4292e6584a6c55c6ddb596cff7f20e2a
Score

10^/10

wannacry ransomware suricata worm persistence
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata
- suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwaresuricataworm

behavioral2

wannacrypersistenceransomwaresuricataworm

© 2018-2024

Terms | Privacy