wannacry | e9ff498068bd03b19a9567d9478e1bf045c9cd9794f7ba0012d6ffbf01643d60 | Triage

Sharing

General

Target

e9ff498068bd03b19a9567d9478e1bf045c9cd9794f7ba0012d6ffbf01643d60.exe
Size

3.6MB
Sample

221011-r6ey3sadd2
MD5

9f75c295e2503a82fd1478aa72cbd221
SHA1

09fb701ddd78884d39a1669a0441a51976cd10ca
SHA256

e9ff498068bd03b19a9567d9478e1bf045c9cd9794f7ba0012d6ffbf01643d60
SHA512

15c1024e8b5217acba61cfed5967a6b78496b8a40d4f3079db19025228b1510d435d3075cb798d09689f9f449da0793680e02944b744c419126db50bd1f0a5e7
SSDEEP

98304:oaPoBhz1aRxcSUDk36SAEdhPP593R8yAVp2HI:oaPe1Cxcxk3ZAEjzR8yc4HI

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  e9ff498068bd03b19a9567d9478e1bf045c9cd9794f7ba0012d6ffbf01643d60.exe
- Size
  
  3.6MB
- MD5
  
  9f75c295e2503a82fd1478aa72cbd221
- SHA1
  
  09fb701ddd78884d39a1669a0441a51976cd10ca
- SHA256
  
  e9ff498068bd03b19a9567d9478e1bf045c9cd9794f7ba0012d6ffbf01643d60
- SHA512
  
  15c1024e8b5217acba61cfed5967a6b78496b8a40d4f3079db19025228b1510d435d3075cb798d09689f9f449da0793680e02944b744c419126db50bd1f0a5e7
- SSDEEP
  
  98304:oaPoBhz1aRxcSUDk36SAEdhPP593R8yAVp2HI:oaPe1Cxcxk3ZAEjzR8yc4HI
Score

10^/10

wannacry ransomware worm discovery
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (1138) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm