General

  • Target

    Win32.Wannacry.exe

  • Size

    5.0MB

  • Sample

    230123-nzgybada94

  • MD5

    30fe2f9a048d7a734c8d9233f64810ba

  • SHA1

    2027a053de21bd5c783c3f823ed1d36966780ed4

  • SHA256

    55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3

  • SHA512

    b657b02506f768db3255293b0c86452b4dfdd30804629c323aaa9510a3b637b0906e5963179ef7d4aaedc14646f2be2b4292e6584a6c55c6ddb596cff7f20e2a

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:+DqPoBhz1aRxcSUDk36SAEdhvxWa9

Malware Config

Targets

    • Target

      Win32.Wannacry.exe

    • Size

      5.0MB

    • MD5

      30fe2f9a048d7a734c8d9233f64810ba

    • SHA1

      2027a053de21bd5c783c3f823ed1d36966780ed4

    • SHA256

      55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3

    • SHA512

      b657b02506f768db3255293b0c86452b4dfdd30804629c323aaa9510a3b637b0906e5963179ef7d4aaedc14646f2be2b4292e6584a6c55c6ddb596cff7f20e2a

    • SSDEEP

      49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:+DqPoBhz1aRxcSUDk36SAEdhvxWa9

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Network Service Scanning

1
T1046

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks