wannacry | 2f89c7a58b759c412a40981c8183a178412dfe439888c1d04cf1123de7a27ac3 | Triage

Sharing

General

Target

9c412bf568f77c36bc59106075eb8731
Size

3.6MB
Sample

220906-1e1k5sade4
MD5

9c412bf568f77c36bc59106075eb8731
SHA1

0736ca250488a5a49f1c5e60ce108c71759a106a
SHA256

2f89c7a58b759c412a40981c8183a178412dfe439888c1d04cf1123de7a27ac3
SHA512

eb13a4e7f65fb6249c00ff86237395a6124b2e5f8d914730791101306ebabf5ef1a980c6f398a230a491c21a2b4db5ba909351573f8ffc384eceb98a34343f55
SSDEEP

24576:XbLgddQhfdmiQdIVUacMNgef0QeQjG/D8kIqRYoAdNLKz6626M:XnAQqBKUacBVQej/1INRx

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  9c412bf568f77c36bc59106075eb8731
- Size
  
  3.6MB
- MD5
  
  9c412bf568f77c36bc59106075eb8731
- SHA1
  
  0736ca250488a5a49f1c5e60ce108c71759a106a
- SHA256
  
  2f89c7a58b759c412a40981c8183a178412dfe439888c1d04cf1123de7a27ac3
- SHA512
  
  eb13a4e7f65fb6249c00ff86237395a6124b2e5f8d914730791101306ebabf5ef1a980c6f398a230a491c21a2b4db5ba909351573f8ffc384eceb98a34343f55
- SSDEEP
  
  24576:XbLgddQhfdmiQdIVUacMNgef0QeQjG/D8kIqRYoAdNLKz6626M:XnAQqBKUacBVQej/1INRx
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (1171) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacryransomwareworm