wannacry | fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9 | Triage

Submit
Reports

Overview

overview

Static

static

fb906531e1...a9.dll

windows7-x64

fb906531e1...a9.dll

windows10-2004-x64

Sharing

General

Target

fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9
Size

5.0MB
Sample

221010-e2r2maagdm
MD5

1e4a4f54b53b3f7dc1910eab98c1ddb5
SHA1

d48ba36a7699596d169cab53165d0d69c3f3ab4f
SHA256

fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9
SHA512

804bea7c06739406c349ad66fbae311543e407a0992adb9d24dbbce6b28a91bb014903ae3807f1167858123fcfd232dc7c64387b807c384d42b803d97b21d359
SSDEEP

49152:RnGMSPbcBVL1INRx+TSqTdX1HkQo6SAARdhnv:1GPoB91aRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9.dll

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9.dll

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9
- Size
  
  5.0MB
- MD5
  
  1e4a4f54b53b3f7dc1910eab98c1ddb5
- SHA1
  
  d48ba36a7699596d169cab53165d0d69c3f3ab4f
- SHA256
  
  fb906531e1ea9546e4df878394a50b9e679201c23a7ac59f69f5de2e6c0963a9
- SHA512
  
  804bea7c06739406c349ad66fbae311543e407a0992adb9d24dbbce6b28a91bb014903ae3807f1167858123fcfd232dc7c64387b807c384d42b803d97b21d359
- SSDEEP
  
  49152:RnGMSPbcBVL1INRx+TSqTdX1HkQo6SAARdhnv:1GPoB91aRxcSUDk36SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2655) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1261) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy