wannacry | bace69b2e8dadcb678ea0c0e6323075a3cc619d572c3abd34b21ec3608bdfb49 | Triage

Submit
Reports

Overview

overview

Static

static

6cbcc5c7e2...64.exe

windows7-x64

6cbcc5c7e2...64.exe

windows10-2004-x64

Sharing

General

Target

6cbcc5c7e252ff3489e4dd5b00d36b64
Size

3.6MB
Sample

220920-t8cb3shddk
MD5

6cbcc5c7e252ff3489e4dd5b00d36b64
SHA1

48435af2b5d2968023a9021b04aa6c4895ddaedf
SHA256

bace69b2e8dadcb678ea0c0e6323075a3cc619d572c3abd34b21ec3608bdfb49
SHA512

89be60e680a81eb2291efa849ad41a315e623089acb44c7e78e86745dd0f8deddd68ee1f4ffdb24019b30bd1310db720de6400c8dd2dd0659c80e3c18c7e86b0
SSDEEP

49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAsAMEcfHI:yDqPoBhz1aRxcSUDk36SAn55HI

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

6cbcc5c7e252ff3489e4dd5b00d36b64.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6cbcc5c7e252ff3489e4dd5b00d36b64.exe

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  6cbcc5c7e252ff3489e4dd5b00d36b64
- Size
  
  3.6MB
- MD5
  
  6cbcc5c7e252ff3489e4dd5b00d36b64
- SHA1
  
  48435af2b5d2968023a9021b04aa6c4895ddaedf
- SHA256
  
  bace69b2e8dadcb678ea0c0e6323075a3cc619d572c3abd34b21ec3608bdfb49
- SHA512
  
  89be60e680a81eb2291efa849ad41a315e623089acb44c7e78e86745dd0f8deddd68ee1f4ffdb24019b30bd1310db720de6400c8dd2dd0659c80e3c18c7e86b0
- SSDEEP
  
  49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAsAMEcfHI:yDqPoBhz1aRxcSUDk36SAn55HI
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3178) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1231) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy