wannacry | 215aa41b66baccb3fe4501b32ef7e9cf2ffe2ff1c0e8608c2b0f083b2a8578a0 | Triage

Submit
Reports

Overview

overview

Static

static

3b400deed8...df.exe

windows7-x64

3b400deed8...df.exe

windows10-2004-x64

Sharing

General

Target

3b400deed87414bd2b8d9f40c3107ddf
Size

3.6MB
Sample

220825-ybxc7shhfl
MD5

3b400deed87414bd2b8d9f40c3107ddf
SHA1

b0a8ab1b8b8886b51d13ba6608cf7b1e46b7121b
SHA256

215aa41b66baccb3fe4501b32ef7e9cf2ffe2ff1c0e8608c2b0f083b2a8578a0
SHA512

6ec1a81c2de0a757067eb0c554d92fb57392ba017f6b7e6d0bc7041fe1cfaeb4c8b3f60d7bc16b225bf4982887b963b2f7ad11c4dfddaa9eb889bd346e011f54
SSDEEP

49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhn:yDqPoBhz1aRxcSUDk36SAEdh

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

3b400deed87414bd2b8d9f40c3107ddf.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b400deed87414bd2b8d9f40c3107ddf.exe

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b400deed87414bd2b8d9f40c3107ddf
- Size
  
  3.6MB
- MD5
  
  3b400deed87414bd2b8d9f40c3107ddf
- SHA1
  
  b0a8ab1b8b8886b51d13ba6608cf7b1e46b7121b
- SHA256
  
  215aa41b66baccb3fe4501b32ef7e9cf2ffe2ff1c0e8608c2b0f083b2a8578a0
- SHA512
  
  6ec1a81c2de0a757067eb0c554d92fb57392ba017f6b7e6d0bc7041fe1cfaeb4c8b3f60d7bc16b225bf4982887b963b2f7ad11c4dfddaa9eb889bd346e011f54
- SSDEEP
  
  49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhn:yDqPoBhz1aRxcSUDk36SAEdh
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3186) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1305) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy