wannacry | 536d57cc6472a9464de16f0b875fa3884a7bdbb3cdfbfc2391cc63698d93403f | Triage

Sharing

General

Target

7a60943b74e7d36a2b1b922f07432a83
Size

5.0MB
Sample

221129-kky2hafg8y
MD5

7a60943b74e7d36a2b1b922f07432a83
SHA1

a037d09259b42f0d8da5ee0cf3e0a53d994506e0
SHA256

536d57cc6472a9464de16f0b875fa3884a7bdbb3cdfbfc2391cc63698d93403f
SHA512

f466588c3862d9bf5bbe8c32f4e5daa7df9a3e22abcc83cc07c1b88a5026f19594a14f84758025f6204bf8329300053ce6817b9765419bc601296089f7120b08
SSDEEP

98304:d8qPoBhz1aRxcSUDk36SAkhu3R8yAVp2:d8qPe1Cxcxk3ZAzR8yc4

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  7a60943b74e7d36a2b1b922f07432a83
- Size
  
  5.0MB
- MD5
  
  7a60943b74e7d36a2b1b922f07432a83
- SHA1
  
  a037d09259b42f0d8da5ee0cf3e0a53d994506e0
- SHA256
  
  536d57cc6472a9464de16f0b875fa3884a7bdbb3cdfbfc2391cc63698d93403f
- SHA512
  
  f466588c3862d9bf5bbe8c32f4e5daa7df9a3e22abcc83cc07c1b88a5026f19594a14f84758025f6204bf8329300053ce6817b9765419bc601296089f7120b08
- SSDEEP
  
  98304:d8qPoBhz1aRxcSUDk36SAkhu3R8yAVp2:d8qPe1Cxcxk3ZAzR8yc4
Score

10^/10

wannacry ransomware worm discovery
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm