wannacry | c11b4b0ad85753e025f868992a6b4de73eaabecac9d5b3762e3223ab5d57011b | Triage

Sharing

General

Target

c11b4b0ad85753e025f868992a6b4de73eaabecac9d5b3762e3223ab5d57011b
Size

3.6MB
Sample

221011-r6e9vaadd3
MD5

59ced1d2c417c6ebd0a2a1c605e6062b
SHA1

265950bb706582290ad3876527eb840adeb0a463
SHA256

c11b4b0ad85753e025f868992a6b4de73eaabecac9d5b3762e3223ab5d57011b
SHA512

6995054ac112d71e69f1b601b3b2e7f71a0d9dcdb47bb41eb5055bd92c16ff8f36af194247a58affaf14cd234a8af8c91951182f81eb1a7772264fcd77bc05fa
SSDEEP

98304:oaPoBhz1aRxcSUDk36SAEdhI3R8yAVp2HI:oaPe1Cxcxk3ZAEmR8yc4HI

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  c11b4b0ad85753e025f868992a6b4de73eaabecac9d5b3762e3223ab5d57011b
- Size
  
  3.6MB
- MD5
  
  59ced1d2c417c6ebd0a2a1c605e6062b
- SHA1
  
  265950bb706582290ad3876527eb840adeb0a463
- SHA256
  
  c11b4b0ad85753e025f868992a6b4de73eaabecac9d5b3762e3223ab5d57011b
- SHA512
  
  6995054ac112d71e69f1b601b3b2e7f71a0d9dcdb47bb41eb5055bd92c16ff8f36af194247a58affaf14cd234a8af8c91951182f81eb1a7772264fcd77bc05fa
- SSDEEP
  
  98304:oaPoBhz1aRxcSUDk36SAEdhI3R8yAVp2HI:oaPe1Cxcxk3ZAEmR8yc4HI
Score

10^/10

wannacry ransomware worm discovery
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (1181) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm