wannacry | 34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8 | Triage

Submit
Reports

Overview

overview

Static

static

3439976981...d8.dll

windows7_x64

3439976981...d8.dll

windows10-2004_x64

Sharing

General

Target

34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8
Size

5.0MB
Sample

220619-15jejseagm
MD5

3391154277ecafd68d0ee71c82f191a8
SHA1

83bc849f4b43290bc002026ce9163dba172dbc68
SHA256

34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8
SHA512

c6d1e2b0f718092bf6000ce7e894f97d3ebb1195acdb64c75756f62f8a63b5df69236f2634e2208975572c10172af6104d875155c040db72bdfeff7efdb9d2ca

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8.dll

Resource

win7-20220414-en

wannacry discovery ransomware worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8.dll

Resource

win10v2004-20220414-en

wannacry discovery ransomware worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8
- Size
  
  5.0MB
- MD5
  
  3391154277ecafd68d0ee71c82f191a8
- SHA1
  
  83bc849f4b43290bc002026ce9163dba172dbc68
- SHA256
  
  34399769816747ba40e36a944c1b6d31d9d12d764fc4660c67e8160718af10d8
- SHA512
  
  c6d1e2b0f718092bf6000ce7e894f97d3ebb1195acdb64c75756f62f8a63b5df69236f2634e2208975572c10172af6104d875155c040db72bdfeff7efdb9d2ca
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3124) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (729) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy