wannacry | eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778 | Triage

Submit
Reports

Overview

overview

Static

static

3

eed86ba53d...78.exe

windows7-x64

eed86ba53d...78.exe

windows10-2004-x64

Sharing

General

Target

eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778.exe
Size

5.0MB
Sample

231205-v9m1msdh87
MD5

58a71165053c76d81f99b3d46d4739a2
SHA1

7ed53c7f2c2628e576ee2436d3493aaa7d371265
SHA256

eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778
SHA512

4b43646a9590b5e5c95daae4b71f6e5c676d69461bd209b8b6c0cdf41c196921df0b57438f27f242918f85f4d68d642d213a6da910542e686ce7238f1c97608e
SSDEEP

98304:yDqPoB2SUDk36SAEdhvxWa9P593R8yAVp2H:yDqPDxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778.exe

Resource

win7-20231025-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778.exe

Resource

win10v2004-20231127-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778.exe
- Size
  
  5.0MB
- MD5
  
  58a71165053c76d81f99b3d46d4739a2
- SHA1
  
  7ed53c7f2c2628e576ee2436d3493aaa7d371265
- SHA256
  
  eed86ba53d4d84ceef045203667f3a4a4636948c36d4bb45ba8de5d69bf87778
- SHA512
  
  4b43646a9590b5e5c95daae4b71f6e5c676d69461bd209b8b6c0cdf41c196921df0b57438f27f242918f85f4d68d642d213a6da910542e686ce7238f1c97608e
- SSDEEP
  
  98304:yDqPoB2SUDk36SAEdhvxWa9P593R8yAVp2H:yDqPDxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3105) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (3196) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy