wannacry | 1bd50736a69035c57577b3534a88864b79b236b5b0e265051c41c150dd48ab81 | Triage

Sharing

General

Target

mssecsvc_0c694193ceac8bfb016491ffb534eb7c.zip
Size

3.4MB
Sample

231226-htryfabbb9
MD5

c429ae0c4e3b0088968d6d74dc90e50d
SHA1

30b1e7861e4be3cc3495daf9ee4d38473e5adb64
SHA256

1bd50736a69035c57577b3534a88864b79b236b5b0e265051c41c150dd48ab81
SHA512

03cfb39455e6079444e26a5cdca9c0c5bfe318d4f7ad56db9a6010ea0d344de6f46399ab85e2a393931e7227148ffe1b254be478aaa63596a15fe29eb5f71d82
SSDEEP

98304:VtX/wzYnXX3DNqxSqmIMzoIYUMB0fnfhctep5H:V56gHBhI+PJh4o

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  mssecsvc_0c694193ceac8bfb016491ffb534eb7c.zip
- Size
  
  3.4MB
- MD5
  
  c429ae0c4e3b0088968d6d74dc90e50d
- SHA1
  
  30b1e7861e4be3cc3495daf9ee4d38473e5adb64
- SHA256
  
  1bd50736a69035c57577b3534a88864b79b236b5b0e265051c41c150dd48ab81
- SHA512
  
  03cfb39455e6079444e26a5cdca9c0c5bfe318d4f7ad56db9a6010ea0d344de6f46399ab85e2a393931e7227148ffe1b254be478aaa63596a15fe29eb5f71d82
- SSDEEP
  
  98304:VtX/wzYnXX3DNqxSqmIMzoIYUMB0fnfhctep5H:V56gHBhI+PJh4o
Score

1^/10
behavioral1 behavioral2
- Target
  
  mssecsvc.bin
- Size
  
  3.6MB
- MD5
  
  0c694193ceac8bfb016491ffb534eb7c
- SHA1
  
  3afa73283d1e17de1bde6cc14e19417e70fc9554
- SHA256
  
  dbf3890b782ac04136c3336814eef97e3c0f4133f9592e882c131c179161b27b
- SHA512
  
  bfa729e9449c0a438cfb51fc9f4314022b2f18092938fd42702a06246edc865db77327399a8d21cc1fa208a99e3436e4a460cb010e428caddc638c3fa6547afb
- SSDEEP
  
  98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HI:yDqPe1Cxcxk3ZAEUadzR8yc4HI
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3074) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

wannacrydiscoveryransomwareworm

behavioral4

wannacrydiscoveryransomwareworm