wannacry | 133adc02f231842c65138dd52a2f6374bad801432ca9040d20309bfe612646ea | Triage

Sharing

General

Target

2024-04-04_3a6889e0fd7c9a9bac4dd67b91b0e05a_wannacry
Size

3.6MB
Sample

240404-rqjbkaab3w
MD5

3a6889e0fd7c9a9bac4dd67b91b0e05a
SHA1

4d9650e4c07076b1ee2701d8daa8690c48f45548
SHA256

133adc02f231842c65138dd52a2f6374bad801432ca9040d20309bfe612646ea
SHA512

ae56da1608a3cff3f7acba03b64c5b2d45c3ef83ac29422fdc11ad7ac8d6be9c3d29381dd01b8a3c43514e333a1e6df51ecb99587ec7ce11cc32f9a9908231cf
SSDEEP

49152:XnjQAENbcBVQej/1INRx+TSqTdX1HkQo6SA6dhnvxJM0H9PA:X8A+oBhz1aRxcSUDk36SA6dhvxWa9P

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-04-04_3a6889e0fd7c9a9bac4dd67b91b0e05a_wannacry
- Size
  
  3.6MB
- MD5
  
  3a6889e0fd7c9a9bac4dd67b91b0e05a
- SHA1
  
  4d9650e4c07076b1ee2701d8daa8690c48f45548
- SHA256
  
  133adc02f231842c65138dd52a2f6374bad801432ca9040d20309bfe612646ea
- SHA512
  
  ae56da1608a3cff3f7acba03b64c5b2d45c3ef83ac29422fdc11ad7ac8d6be9c3d29381dd01b8a3c43514e333a1e6df51ecb99587ec7ce11cc32f9a9908231cf
- SSDEEP
  
  49152:XnjQAENbcBVQej/1INRx+TSqTdX1HkQo6SA6dhnvxJM0H9PA:X8A+oBhz1aRxcSUDk36SA6dhvxWa9P
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3287) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm