wannacry | 2e67865b954436c36f6233e1cd7337e643f4369639a7c8f7175721e884981884 | Triage

Submit
Reports

Overview

overview

Static

static

2e67865b95...84.dll

windows10_x64

Resubmissions

24-06-2022 15:06

220624-sgy64adbbj 10

22-06-2022 08:47

220622-kpxz1aegd4 10

Sharing

General

Target

2e67865b954436c36f6233e1cd7337e643f4369639a7c8f7175721e884981884
Size

5.0MB
Sample

220624-sgy64adbbj
MD5

5d446ad3d84db7a2acad9b403129e072
SHA1

38bb2766c0bf3f1a06ef60f4ec9d1cf35c878964
SHA256

2e67865b954436c36f6233e1cd7337e643f4369639a7c8f7175721e884981884
SHA512

3d376e294269ffdf5c18972512ca2e89d6735705318d51dd1d8d3ea12d0b301be052b979243cb1e9e546693d3f762083fcf58817a8b91b6555ffc97ff5758452

Score

10^/10

wannacry discovery ransomware suricata worm

Static task

static1

Behavioral task

behavioral1

Sample

2e67865b954436c36f6233e1cd7337e643f4369639a7c8f7175721e884981884.dll

Resource

win10-20220414-en

wannacry discovery ransomware suricata worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2e67865b954436c36f6233e1cd7337e643f4369639a7c8f7175721e884981884
- Size
  
  5.0MB
- MD5
  
  5d446ad3d84db7a2acad9b403129e072
- SHA1
  
  38bb2766c0bf3f1a06ef60f4ec9d1cf35c878964
- SHA256
  
  2e67865b954436c36f6233e1cd7337e643f4369639a7c8f7175721e884981884
- SHA512
  
  3d376e294269ffdf5c18972512ca2e89d6735705318d51dd1d8d3ea12d0b301be052b979243cb1e9e546693d3f762083fcf58817a8b91b6555ffc97ff5758452
Score

10^/10

wannacry discovery ransomware suricata worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata
- suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata
- Contacts a large (12096) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwaresuricataworm

© 2018-2024

Terms | Privacy