wannacry | 379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f | Triage

Submit
Reports

Overview

overview

Static

static

379d7d15f7...2f.exe

windows7_x64

379d7d15f7...2f.exe

windows10-2004_x64

Sharing

General

Target

379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f
Size

2.2MB
Sample

220625-2n6n7ahae6
MD5

2f28fe47a262ab5dd12dded7d5926a93
SHA1

f0e53cec9a92bac70667e30cc3b43cfe3899c03f
SHA256

379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f
SHA512

301ca1adaac5c5e168b01047204cac8315ff425036d7a19c3bd33c87e92a731645b55c22ef16b2c90af1f4ea4cb02c3a3cd05dcf2a6debe9498ab2c57aa89019

Score

10^/10

wannacry discovery ransomware suricata worm

Static task

static1

Behavioral task

behavioral1

Sample

379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f.exe

Resource

win7-20220414-en

wannacry ransomware suricata worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f.exe

Resource

win10v2004-20220414-en

wannacry discovery ransomware suricata worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f
- Size
  
  2.2MB
- MD5
  
  2f28fe47a262ab5dd12dded7d5926a93
- SHA1
  
  f0e53cec9a92bac70667e30cc3b43cfe3899c03f
- SHA256
  
  379d7d15f7031bc529fb5dd06cfb4db861036231705a340f3a7ee89cc88ef02f
- SHA512
  
  301ca1adaac5c5e168b01047204cac8315ff425036d7a19c3bd33c87e92a731645b55c22ef16b2c90af1f4ea4cb02c3a3cd05dcf2a6debe9498ab2c57aa89019
Score

10^/10

wannacry ransomware suricata worm discovery
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata
- suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata
- Contacts a large (2979) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwaresuricataworm

behavioral2

wannacrydiscoveryransomwaresuricataworm

© 2018-2024

Terms | Privacy