Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
30-03-2024 10:42
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
-
Size
3.6MB
-
MD5
01c4f6da599c61262916e58c6769da58
-
SHA1
8d976134841092646aa2e11fd5b36b800a9983bc
-
SHA256
27224344bcbd2e4b2baef34a42d5a68ae2ae0f666bedb4b2ab701c7ba3208c64
-
SHA512
f4a3c5700d2b2c712980943b59b0b75cc64028978e9e38f014b882c1f1889c769e56c05491a52a87163c528436777a9ec4f515df6c013a6d5b3f19b54e1bb461
-
SSDEEP
49152:XnjQqMSPbcBVQej/hINRx+TSqTdX1HkQo6SAARHqG:X8qPoBhzhaRxcSUDk36SAEHH
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3243) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
Processes:
tasksche.exe
pid: 5112, process: tasksche.exe
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
Processes:
2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
description: File created, ioc: C:\WINDOWS\tasksche.exe, process: 2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe" 1⤵
- Drops file in Windows directory
PID:1620
-
C:\WINDOWS\tasksche.exe
C:\WINDOWS\tasksche.exe /i 2⤵
- Executes dropped EXE
PID:5112
-
C:\Users\Admin\AppData\Local\Temp\2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-03-30_01c4f6da599c61262916e58c6769da58_wannacry.exe -m security 1⤵
PID:1316
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3.4MB
-
MD5
5692dd006355696ab35e397da9c04bc1
-
SHA1
7029b4e172709e082390d40e91a1767546385156
-
SHA256
356c86a9ae6c7273603bcbe7a60df8cdb386024419b1fd3660ea8cb3ea29a892
-
SHA512
cceb3b5262c403c95f660e104cc2e98bef77866320093061653dab4b27ef2fa6bcd36a1bff7565eb060c55d965b81a94d2e94e45889f66ce27f7c7b7da5aed04