wannacry | 3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26 | Triage

Submit
Reports

Overview

overview

Static

static

3b133a754f...26.dll

windows7_x64

3b133a754f...26.dll

windows10-2004_x64

Sharing

General

Target

3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26
Size

5.0MB
Sample

220703-wh3sfsbagn
MD5

8dadb8fd05dd1734501fc862a7135faa
SHA1

f2f6f467f7006025259fddd66b81386309ab0700
SHA256

3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26
SHA512

992a9806bfe2d715eb0b58dee589acdd7fa44a1a75ce794ef9c617d87443a6de9a5d3bfefacb7b965cbb15a730e254e261d0ac921c1d99143d105b688643783b

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26.dll

Resource

win7-20220414-en

wannacry discovery ransomware worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26.dll

Resource

win10v2004-20220414-en

wannacry discovery ransomware worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26
- Size
  
  5.0MB
- MD5
  
  8dadb8fd05dd1734501fc862a7135faa
- SHA1
  
  f2f6f467f7006025259fddd66b81386309ab0700
- SHA256
  
  3b133a754fc209550aec858dc4c2cc8024e640793173270e3d01c57b97848f26
- SHA512
  
  992a9806bfe2d715eb0b58dee589acdd7fa44a1a75ce794ef9c617d87443a6de9a5d3bfefacb7b965cbb15a730e254e261d0ac921c1d99143d105b688643783b
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3050) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (980) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy