wannacry | 9ceba12c5261fc926ac60ed317e58104bb2cf3006eb50676b4e6438efac1c7ca | Triage

Submit
Reports

Overview

overview

Static

static

3

6c39c23412...72.dll

windows7-x64

6c39c23412...72.dll

windows10-2004-x64

Sharing

General

Target

6c39c234124edcec40195a3a6c40b172
Size

5.0MB
Sample

230530-sd1whsae7w
MD5

6c39c234124edcec40195a3a6c40b172
SHA1

cac5da384f8c7285c9996f46cf1e4aa3c8738630
SHA256

9ceba12c5261fc926ac60ed317e58104bb2cf3006eb50676b4e6438efac1c7ca
SHA512

3c9d8776b75fb2c3cf1566494a7ff75a58f2bf7fec388f7a4c27a0f644c4dab01376fce30d49872bf24aa9357e2a2a368f7b491f776db87d2dac80b5e582c06f
SSDEEP

24576:ubLgurgDdmMSirYbcMNgef0QeQjG/D8kIqJASk+RdhAdmvctA0pk9XEk:unsEMSPbcBVQej/NAARdhnvoAx

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c39c234124edcec40195a3a6c40b172.dll

Resource

win7-20230220-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c39c234124edcec40195a3a6c40b172.dll

Resource

win10v2004-20230221-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c39c234124edcec40195a3a6c40b172
- Size
  
  5.0MB
- MD5
  
  6c39c234124edcec40195a3a6c40b172
- SHA1
  
  cac5da384f8c7285c9996f46cf1e4aa3c8738630
- SHA256
  
  9ceba12c5261fc926ac60ed317e58104bb2cf3006eb50676b4e6438efac1c7ca
- SHA512
  
  3c9d8776b75fb2c3cf1566494a7ff75a58f2bf7fec388f7a4c27a0f644c4dab01376fce30d49872bf24aa9357e2a2a368f7b491f776db87d2dac80b5e582c06f
- SSDEEP
  
  24576:ubLgurgDdmMSirYbcMNgef0QeQjG/D8kIqJASk+RdhAdmvctA0pk9XEk:unsEMSPbcBVQej/NAARdhnvoAx
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3231) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1489) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy