wannacry | 36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859 | Triage

Submit
Reports

Overview

overview

Static

static

36dde0acce...59.dll

windows7_x64

36dde0acce...59.dll

windows10-2004_x64

Sharing

General

Target

36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859
Size

5.0MB
Sample

220626-bk8q9sddc2
MD5

59e0d7e76406e4c90cba5d6be0fc6902
SHA1

f564280d12b7da6b0063243fc649ce95d3e89705
SHA256

36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859
SHA512

b66eaf5ce643d90f8b2266d0cc26508b55d98458e140b13db24d1ca82a54d67f0c009ac8173753fca30f873e07cfd1e08d7100ed1a2e99d59374271834149413

Score

10^/10

wannacry discovery ransomware suricata worm

Static task

static1

Behavioral task

behavioral1

Sample

36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859.dll

Resource

win7-20220414-en

wannacry discovery ransomware suricata worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859.dll

Resource

win10v2004-20220414-en

wannacry discovery ransomware suricata worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859
- Size
  
  5.0MB
- MD5
  
  59e0d7e76406e4c90cba5d6be0fc6902
- SHA1
  
  f564280d12b7da6b0063243fc649ce95d3e89705
- SHA256
  
  36dde0acce43dac1e5baa8e4b121a96f9aa0315c4386a203f6ea4e56534c7859
- SHA512
  
  b66eaf5ce643d90f8b2266d0cc26508b55d98458e140b13db24d1ca82a54d67f0c009ac8173753fca30f873e07cfd1e08d7100ed1a2e99d59374271834149413
Score

10^/10

wannacry discovery ransomware suricata worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
  suricata
- suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
  suricata
- Contacts a large (3159) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1317) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwaresuricataworm

behavioral2

wannacrydiscoveryransomwaresuricataworm

© 2018-2024

Terms | Privacy