wannacry | 3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8 | Triage

Submit
Reports

Overview

overview

Static

static

3950179ee4...b8.dll

windows7_x64

3950179ee4...b8.dll

windows10-2004_x64

Sharing

General

Target

3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8
Size

5.0MB
Sample

220625-nkeveacef8
MD5

fd7c451d538bde5e7f4c44f9adcd9f20
SHA1

52bca09f35d9c23bd96d5bbad1fd5e06a245190f
SHA256

3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8
SHA512

fd2926b03f3680d2f9f05ed209c617f7e00069ee451e4bc2c1233dcf6d62f4f6bc414d3cd390fa9d66e814e1ab4364fa20ae0a58a4d496df7c07b250b43bcb0f

Score

10^/10

wannacry discovery ransomware suricata worm

Static task

static1

Behavioral task

behavioral1

Sample

3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8.dll

Resource

win7-20220414-en

wannacry discovery ransomware suricata worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8.dll

Resource

win10v2004-20220414-en

wannacry ransomware suricata worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8
- Size
  
  5.0MB
- MD5
  
  fd7c451d538bde5e7f4c44f9adcd9f20
- SHA1
  
  52bca09f35d9c23bd96d5bbad1fd5e06a245190f
- SHA256
  
  3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8
- SHA512
  
  fd2926b03f3680d2f9f05ed209c617f7e00069ee451e4bc2c1233dcf6d62f4f6bc414d3cd390fa9d66e814e1ab4364fa20ae0a58a4d496df7c07b250b43bcb0f
Score

10^/10

wannacry discovery ransomware suricata worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata
- suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata
- Contacts a large (1205) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwaresuricataworm

behavioral2

wannacryransomwaresuricataworm

© 2018-2024

Terms | Privacy