Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

3df6e06d7f6270903dda0e9e0da7ff6e
Size

5MB
Sample

220908-ym3z5acghk
MD5

3df6e06d7f6270903dda0e9e0da7ff6e
SHA1

29dcb3b3b9f9e5f6679ba6fa32531d4d92f567fb
SHA256

51c5225c4bf368296754697e310f1583300b5e85748be40dca5ff5647df4f8dc
SHA512

0cf97a1361b5b73569c4497958091b298c2c29c85ad734078165fbe0cb86c9776bd33463dbd7ecda8d147544d771b1ca6b8751bfc8135cb70eb257f211de3e94
SSDEEP

49152:snjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SA:M8qPoBhz1aRxcSUDk36SA

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  3df6e06d7f6270903dda0e9e0da7ff6e
- Size
  
  5MB
- MD5
  
  3df6e06d7f6270903dda0e9e0da7ff6e
- SHA1
  
  29dcb3b3b9f9e5f6679ba6fa32531d4d92f567fb
- SHA256
  
  51c5225c4bf368296754697e310f1583300b5e85748be40dca5ff5647df4f8dc
- SHA512
  
  0cf97a1361b5b73569c4497958091b298c2c29c85ad734078165fbe0cb86c9776bd33463dbd7ecda8d147544d771b1ca6b8751bfc8135cb70eb257f211de3e94
- SSDEEP
  
  49152:snjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SA:M8qPoBhz1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3301) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1270) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Network Service Scanning

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm