wannacry | ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03 | Triage

Submit
Reports

Overview

overview

Static

static

ceb9ca270a...03.exe

windows7-x64

ceb9ca270a...03.exe

windows10-2004-x64

Sharing

General

Target

ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03
Size

3.6MB
Sample

221104-xbdqesbgcr
MD5

bacea7964c14577dba023c6a709cd67d
SHA1

cb3220c23bdbd44fbe8f8e825fd634f63164887c
SHA256

ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03
SHA512

6b4bdf18ef3fa2c211bf3ea0870a1072e3b73a0458aa07e99fb90233e6c7074a30e69379ad4a5439d3114b807832eea05fc57fbb32a4e6f17d03b01e1a490f45
SSDEEP

98304:oaPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp:oaPe1Cxcxk3ZAEUadzR8yc

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

Behavioral task

behavioral1

Sample

ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03.exe

Resource

win7-20220812-en

wannacry discovery ransomware worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03.exe

Resource

win10v2004-20220812-en

wannacry discovery ransomware worm

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03
- Size
  
  3.6MB
- MD5
  
  bacea7964c14577dba023c6a709cd67d
- SHA1
  
  cb3220c23bdbd44fbe8f8e825fd634f63164887c
- SHA256
  
  ceb9ca270ae61671843654616bf042b79efc0f90ed02e86ad8435347e1f25f03
- SHA512
  
  6b4bdf18ef3fa2c211bf3ea0870a1072e3b73a0458aa07e99fb90233e6c7074a30e69379ad4a5439d3114b807832eea05fc57fbb32a4e6f17d03b01e1a490f45
- SSDEEP
  
  98304:oaPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp:oaPe1Cxcxk3ZAEUadzR8yc
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3022) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1229) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy