wannacry | e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe | Triage

Submit
Reports

Overview

overview

Static

static

e4a91e1179...be.exe

windows7-x64

e4a91e1179...be.exe

windows10-2004-x64

Sharing

General

Target

e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe
Size

3.6MB
Sample

221014-ra5jvsdfcj
MD5

fc937204786d703513cf68413713f818
SHA1

747c09c318f7553da8aaafa08ba17ffc7e9ef383
SHA256

e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe
SHA512

b529689f07511bd9922ec05c7e851de85c45ef2fb34f768eb4fd5d98d440553a2641449757bf0288eff9c1349be54daf1b2507cfd210d28285a54452983dcac4
SSDEEP

98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery evasion ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe.exe

Resource

win10v2004-20220812-en

wannacry discovery evasion ransomware worm

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe
- Size
  
  3.6MB
- MD5
  
  fc937204786d703513cf68413713f818
- SHA1
  
  747c09c318f7553da8aaafa08ba17ffc7e9ef383
- SHA256
  
  e4a91e117998546c0d7a323828259eb1b03af7af6acbbecab36fe80977305bbe
- SHA512
  
  b529689f07511bd9922ec05c7e851de85c45ef2fb34f768eb4fd5d98d440553a2641449757bf0288eff9c1349be54daf1b2507cfd210d28285a54452983dcac4
- SSDEEP
  
  98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (1210) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1498) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm

© 2018-2024

Terms | Privacy