wannacry | d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7 | Triage

Submit
Reports

Overview

overview

Static

static

d085c477eb...c7.dll

windows7-x64

d085c477eb...c7.dll

windows10-2004-x64

Sharing

General

Target

d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7
Size

5.0MB
Sample

221010-nhmggabfb5
MD5

64f90ae0b16ad69df763d4172bf7b121
SHA1

cd13b94c91bcc035464c28ca953b1fca990f59d5
SHA256

d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7
SHA512

4d3987cf1e8f6d19f9d7c2009a579deb4793bba89fa12087a865ab4638b20183068520e656d0573974fd8ff8cc6b555f1b6289251d0864852412b070590b88fe
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9Z:+DqPoBhz1aRxcSUDk36SAEdhvxWa9Z

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7.dll

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7.dll

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7
- Size
  
  5.0MB
- MD5
  
  64f90ae0b16ad69df763d4172bf7b121
- SHA1
  
  cd13b94c91bcc035464c28ca953b1fca990f59d5
- SHA256
  
  d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7
- SHA512
  
  4d3987cf1e8f6d19f9d7c2009a579deb4793bba89fa12087a865ab4638b20183068520e656d0573974fd8ff8cc6b555f1b6289251d0864852412b070590b88fe
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9Z:+DqPoBhz1aRxcSUDk36SAEdhvxWa9Z
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3159) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1260) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy