wannacry | bf9b8a89148553fa0da5d2270bf7db0b5482df6517867410fead18192d5135a1 | Triage

Submit
Reports

Overview

overview

Static

static

1ee069455e...2c.dll

windows7-x64

1ee069455e...2c.dll

windows10-2004-x64

Sharing

General

Target

1ee069455ec3b2de5eaefe54a536962c
Size

5.0MB
Sample

220720-bq8y8aaaf8
MD5

1ee069455ec3b2de5eaefe54a536962c
SHA1

6b3e9bd6122e40ee69d3bd441213fc1505c0d419
SHA256

bf9b8a89148553fa0da5d2270bf7db0b5482df6517867410fead18192d5135a1
SHA512

f021b5820e4a89608e87e1ce050fe2fa28b7930492bdb7823389e590f94988c967849abc6615a8c66c337a3f31df9a8bfddee6bf9e43ff497f93c57ec5cef6b9

Score

10^/10

wannacry discovery evasion ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

1ee069455ec3b2de5eaefe54a536962c.dll

Resource

win7-20220718-en

wannacry discovery ransomware worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ee069455ec3b2de5eaefe54a536962c.dll

Resource

win10v2004-20220718-en

wannacry discovery evasion ransomware worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  1ee069455ec3b2de5eaefe54a536962c
- Size
  
  5.0MB
- MD5
  
  1ee069455ec3b2de5eaefe54a536962c
- SHA1
  
  6b3e9bd6122e40ee69d3bd441213fc1505c0d419
- SHA256
  
  bf9b8a89148553fa0da5d2270bf7db0b5482df6517867410fead18192d5135a1
- SHA512
  
  f021b5820e4a89608e87e1ce050fe2fa28b7930492bdb7823389e590f94988c967849abc6615a8c66c337a3f31df9a8bfddee6bf9e43ff497f93c57ec5cef6b9
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3247) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1266) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in Drivers directory
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm

© 2018-2024

Terms | Privacy