wannacry | d47e22097bbc37fd9b1dc2fb68629a549f0537002749534a125560df5000c526 | Triage

Sharing

General

Target

2024-04-02_922770d64b0ad1570c8e691c059c040d_wannacry
Size

3.6MB
Sample

240402-ebhehagc37
MD5

922770d64b0ad1570c8e691c059c040d
SHA1

c2d27f72a23aa5fb0519ad32f3afcdcd799c4528
SHA256

d47e22097bbc37fd9b1dc2fb68629a549f0537002749534a125560df5000c526
SHA512

9d268610370ad0688c4b51e7f00907389575ea2f4fbf757881445ceee1b833c09699ec45a7298fb70cd9a49a8768adf7c21e73b84938ac92deead5205fa7a193
SSDEEP

24576:XbLgdVQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz66F+vbOSSqTPV:XnEQqMSPbcBVQej/1INRk+TSqTd

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-04-02_922770d64b0ad1570c8e691c059c040d_wannacry
- Size
  
  3.6MB
- MD5
  
  922770d64b0ad1570c8e691c059c040d
- SHA1
  
  c2d27f72a23aa5fb0519ad32f3afcdcd799c4528
- SHA256
  
  d47e22097bbc37fd9b1dc2fb68629a549f0537002749534a125560df5000c526
- SHA512
  
  9d268610370ad0688c4b51e7f00907389575ea2f4fbf757881445ceee1b833c09699ec45a7298fb70cd9a49a8768adf7c21e73b84938ac92deead5205fa7a193
- SSDEEP
  
  24576:XbLgdVQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz66F+vbOSSqTPV:XnEQqMSPbcBVQej/1INRk+TSqTd
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3191) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm