wannacry | 48fc9ccb42ec0234df4d4f41db1d0cb1e1fe6aa5e640c28625aa3d73e65d2856 | Triage

Sharing

General

Target

0a9138624a09d2bd90e04a78799b35ac
Size

5.0MB
Sample

220720-bp4ywaaae8
MD5

0a9138624a09d2bd90e04a78799b35ac
SHA1

018aa130b119685c358514576ba3ba4d37b95e43
SHA256

48fc9ccb42ec0234df4d4f41db1d0cb1e1fe6aa5e640c28625aa3d73e65d2856
SHA512

24f7ed2d3a526ebfb1389833d2a7de79b565799c3bde644c67fdda37e0ca831c747d9267922caba4018dc4c16ec7b70825b44652cc69f6801d33b6af84d1958b

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  0a9138624a09d2bd90e04a78799b35ac
- Size
  
  5.0MB
- MD5
  
  0a9138624a09d2bd90e04a78799b35ac
- SHA1
  
  018aa130b119685c358514576ba3ba4d37b95e43
- SHA256
  
  48fc9ccb42ec0234df4d4f41db1d0cb1e1fe6aa5e640c28625aa3d73e65d2856
- SHA512
  
  24f7ed2d3a526ebfb1389833d2a7de79b565799c3bde644c67fdda37e0ca831c747d9267922caba4018dc4c16ec7b70825b44652cc69f6801d33b6af84d1958b
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (1313) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacryransomwareworm