wannacry | c712ab1138d0dbccc4857d5b285ae54d75dd109452c22ad661b8869c5b9bbddf | Triage

Submit
Reports

Overview

overview

Static

static

34881d8425...9a.exe

windows7-x64

34881d8425...9a.exe

windows10-2004-x64

Sharing

General

Target

34881d8425c4344ef20acea47336e89a
Size

3.6MB
Sample

220920-ved49adhe8
MD5

34881d8425c4344ef20acea47336e89a
SHA1

00a4da44c4dfe13124198e914e5a8a7bbe4dcd15
SHA256

c712ab1138d0dbccc4857d5b285ae54d75dd109452c22ad661b8869c5b9bbddf
SHA512

9e4f32f17b097a241c86ca756b526bf98afb0728ccfc710edcca97955a253db59a53c4d143d2738b4cf7915404523e7958f7f9a85d03f8ac70e1df6f66f17639
SSDEEP

98304:JDqPoBhz1aRxcSUDk36SAI593R8yAVp2:JDqPe1Cxcxk3ZAIzR8yc4

Score

10^/10

wannacry discovery evasion ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

34881d8425c4344ef20acea47336e89a.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

34881d8425c4344ef20acea47336e89a.exe

Resource

win10v2004-20220812-en

wannacry discovery evasion ransomware worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  34881d8425c4344ef20acea47336e89a
- Size
  
  3.6MB
- MD5
  
  34881d8425c4344ef20acea47336e89a
- SHA1
  
  00a4da44c4dfe13124198e914e5a8a7bbe4dcd15
- SHA256
  
  c712ab1138d0dbccc4857d5b285ae54d75dd109452c22ad661b8869c5b9bbddf
- SHA512
  
  9e4f32f17b097a241c86ca756b526bf98afb0728ccfc710edcca97955a253db59a53c4d143d2738b4cf7915404523e7958f7f9a85d03f8ac70e1df6f66f17639
- SSDEEP
  
  98304:JDqPoBhz1aRxcSUDk36SAI593R8yAVp2:JDqPe1Cxcxk3ZAIzR8yc4
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3304) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1247) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm

© 2018-2024

Terms | Privacy