wannacry | 43c48bc1b4a7009d0ce346c65071b258e3bba0def18dac2c0741285f871f754b | Triage

Submit
Reports

Overview

overview

Static

static

9300d3362c...9a.exe

windows7-x64

9300d3362c...9a.exe

windows10-2004-x64

Sharing

General

Target

9300d3362c83d50f14479a0dbac1c29a
Size

2.2MB
Sample

220906-1czk3aach3
MD5

9300d3362c83d50f14479a0dbac1c29a
SHA1

1900d76947e8746e0ba93fcf954ede1b99b6381d
SHA256

43c48bc1b4a7009d0ce346c65071b258e3bba0def18dac2c0741285f871f754b
SHA512

9177562f5e642397b7f1fb3a889ee7f2fde8037dfe21d9da45d61e858fcd1ba2bbc83f8344e36969287a58025eabefa70615e338e8e13356efe5a5698d77b061
SSDEEP

49152:QnnMSPbcBVQejt1INRx+TSqTdX1HkQo6SA:QnPoBhJ1aRxcSUDk36SA

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

9300d3362c83d50f14479a0dbac1c29a.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

9300d3362c83d50f14479a0dbac1c29a.exe

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  9300d3362c83d50f14479a0dbac1c29a
- Size
  
  2.2MB
- MD5
  
  9300d3362c83d50f14479a0dbac1c29a
- SHA1
  
  1900d76947e8746e0ba93fcf954ede1b99b6381d
- SHA256
  
  43c48bc1b4a7009d0ce346c65071b258e3bba0def18dac2c0741285f871f754b
- SHA512
  
  9177562f5e642397b7f1fb3a889ee7f2fde8037dfe21d9da45d61e858fcd1ba2bbc83f8344e36969287a58025eabefa70615e338e8e13356efe5a5698d77b061
- SSDEEP
  
  49152:QnnMSPbcBVQejt1INRx+TSqTdX1HkQo6SA:QnPoBhJ1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3347) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1273) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy