wannacry | 2fc7ae2a16b562b608dfd0e899ab172375525e0577119afe17803740cf56a61b | Triage

Sharing

General

Target

2fc7ae2a16b562b608dfd0e899ab172375525e0577119afe17803740cf56a61b
Size

5.0MB
Sample

220621-xnkdqsche2
MD5

3695f6d3175e85e25ea3cc65ab3801cf
SHA1

a51d6b609237e90287fc6fafb0e2391893785112
SHA256

2fc7ae2a16b562b608dfd0e899ab172375525e0577119afe17803740cf56a61b
SHA512

816a004d5bed585351ae4f115d5746623999608565f761e998b56f305e646e69e847e1c15027cb3cd8fe106b95f4d2c3f0dc97ebbd9d49180849b3801173a75a

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2fc7ae2a16b562b608dfd0e899ab172375525e0577119afe17803740cf56a61b
- Size
  
  5.0MB
- MD5
  
  3695f6d3175e85e25ea3cc65ab3801cf
- SHA1
  
  a51d6b609237e90287fc6fafb0e2391893785112
- SHA256
  
  2fc7ae2a16b562b608dfd0e899ab172375525e0577119afe17803740cf56a61b
- SHA512
  
  816a004d5bed585351ae4f115d5746623999608565f761e998b56f305e646e69e847e1c15027cb3cd8fe106b95f4d2c3f0dc97ebbd9d49180849b3801173a75a
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (1267) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2