wannacry | c3afa515f5b594145699c0e55be85f72a18614fceb34def8587fc04fac5c2178 | Triage

Submit
Reports

Overview

overview

Static

static

d3ec672641...2d.exe

windows7-x64

d3ec672641...2d.exe

windows10-2004-x64

Sharing

General

Target

d3ec672641453f5c89df88d4f8406c2d
Size

5.0MB
Sample

220825-ycsfmsagd4
MD5

d3ec672641453f5c89df88d4f8406c2d
SHA1

04d830bea0adf586eb26b87169f60f86496d8524
SHA256

c3afa515f5b594145699c0e55be85f72a18614fceb34def8587fc04fac5c2178
SHA512

17697e8b1c1cea78b3dd10543bfa3cb29b4b0511af05a2745f339391854914192fc6b8763313933d4f11f59600d09eee3aec043d0dfc1e01592fbb21cd47fc37
SSDEEP

98304:yDqPoBhz1aRxcSUDk36SAEdhvxWaN593R8yAVp2H:yDqPe1Cxcxk3ZAEUaNzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

d3ec672641453f5c89df88d4f8406c2d.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3ec672641453f5c89df88d4f8406c2d.exe

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3ec672641453f5c89df88d4f8406c2d
- Size
  
  5.0MB
- MD5
  
  d3ec672641453f5c89df88d4f8406c2d
- SHA1
  
  04d830bea0adf586eb26b87169f60f86496d8524
- SHA256
  
  c3afa515f5b594145699c0e55be85f72a18614fceb34def8587fc04fac5c2178
- SHA512
  
  17697e8b1c1cea78b3dd10543bfa3cb29b4b0511af05a2745f339391854914192fc6b8763313933d4f11f59600d09eee3aec043d0dfc1e01592fbb21cd47fc37
- SSDEEP
  
  98304:yDqPoBhz1aRxcSUDk36SAEdhvxWaN593R8yAVp2H:yDqPe1Cxcxk3ZAEUaNzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3341) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1060) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy