wannacry | cf713cb4ecf1aee0756285012464f6b9e9e46a6d15afa432faf8c4d3576e8f73 | Triage

Submit
Reports

Overview

overview

Static

static

db28383ba1...14.exe

windows7-x64

db28383ba1...14.exe

windows10-2004-x64

Sharing

General

Target

db28383ba1d804c5c224bfb865d71f14
Size

3.6MB
Sample

220825-x8bbkahggj
MD5

db28383ba1d804c5c224bfb865d71f14
SHA1

8e7286ca8cb98cc4804c8bb917e43ead79480506
SHA256

cf713cb4ecf1aee0756285012464f6b9e9e46a6d15afa432faf8c4d3576e8f73
SHA512

b7436ca4b2acf89080caafb37e2252ebf5ffa5e2caf06bcc7e57c033f83a5724e34cda237eab03cd484e427a8ad35d2fcf7ddb4008e12493344776b73853442f
SSDEEP

24576:xbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqvO1Dq:xnAQqMSPbcBVQej/zOhq

Score

10^/10

wannacry discovery evasion ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

db28383ba1d804c5c224bfb865d71f14.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

db28383ba1d804c5c224bfb865d71f14.exe

Resource

win10v2004-20220812-en

wannacry discovery evasion ransomware worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  db28383ba1d804c5c224bfb865d71f14
- Size
  
  3.6MB
- MD5
  
  db28383ba1d804c5c224bfb865d71f14
- SHA1
  
  8e7286ca8cb98cc4804c8bb917e43ead79480506
- SHA256
  
  cf713cb4ecf1aee0756285012464f6b9e9e46a6d15afa432faf8c4d3576e8f73
- SHA512
  
  b7436ca4b2acf89080caafb37e2252ebf5ffa5e2caf06bcc7e57c033f83a5724e34cda237eab03cd484e427a8ad35d2fcf7ddb4008e12493344776b73853442f
- SSDEEP
  
  24576:xbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqvO1Dq:xnAQqMSPbcBVQej/zOhq
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3119) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1223) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm

© 2018-2024

Terms | Privacy