wannacry | bd55e0976da9f9e676f5b8387c81a90354b98ac58444058d2244a670e40696ec | Triage

Sharing

General

Target

muestras.zip
Size

8.8MB
Sample

240415-qvvpqaff23
MD5

5fab400739579614ebc9b0434e598a99
SHA1

411cdbc8cdae66d7c440d1387af7092dd31c0104
SHA256

bd55e0976da9f9e676f5b8387c81a90354b98ac58444058d2244a670e40696ec
SHA512

c62c817b1a5760e196823f8703dbbe38d10d850bb2ab4bfe895d7a15fb8661046fb9aac2ba9ab274c6ccc978875f4abe43665bf62cf748e40d368592287f6e44
SSDEEP

98304:QB9mXX5UXymphSodFQnMVJ34CUcg4MBOxymRrJBcnJJH3LyeV05:QcLx4VrU3BOxpiJt3OCS

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  Security.exe
- Size
  
  36KB
- MD5
  
  60db5cf12466686bb2821e3ba73c7694
- SHA1
  
  eb0fcee4f66277a54c33be051f85cc52f0536672
- SHA256
  
  c3c1d7ac3fbf75fb19f985db3fa16052b116db2a5321ad5684de19786df1bf7c
- SHA512
  
  7695c9f9375a23c4380ef7a9b8e12493c5ebe2f0a545ec5169e3ff8141f1dfdd6d033f2ac305e0f368bc665feb71824fbfa2cf1f7365d389aef1296a72446087
- SSDEEP
  
  384:LNTh3Aenf27SkCdyNTjDCLC9g6AyOdremo:L9Oke7SbMFHAj1emo
Score

1^/10
behavioral1 behavioral2
- Target
  
  Security_x64.exe
- Size
  
  39KB
- MD5
  
  4e32170d477b8ecb8a386560b2fc7633
- SHA1
  
  56165e507ff09941e74c9021050f635bf183face
- SHA256
  
  7589cde60b0cee04082b44334e53d973b0035f91ca6a5342ee009c3f94d3d0d7
- SHA512
  
  8b3c8e5fd097e61abee7ddaa593f82edfe4dcd4ae8f296168da8df62f35cc4599ee642186a2b1affe212f2504b8f98e102c1f9e86ab169dd73de25f3caf6d470
- SSDEEP
  
  768:T2tz0UbxPvW6npbdIH597xzqynepcXc6FyW2wpq2v1EOyo5HiayAx:6tXNXRbdIpqIepcM6FD2khtP5Hiarx
Score

1^/10
behavioral3 behavioral4
- Target
  
  Setup1.exe
- Size
  
  248KB
- MD5
  
  6c9ca1085414c4b2c0b2fe1fe6c9531c
- SHA1
  
  2b2531af4d1cafb574b5fea0f1cd8a62032c127e
- SHA256
  
  19e518f53ee8a1c2954dedeeeb507b331f9bf2e6edda23958fb7aabe38066536
- SHA512
  
  8408a3c4eb8157af967c9842e0c887b952a97642ef1af73dc11be418ab181eb5b80d379d6f008df2cd7cb01b56249e255527cc4558791cec1c01b97508bab185
- SSDEEP
  
  6144:ksuMamfDqaBv6xdnG6+hdbHSHqFJJe4XZ/:kS1H+NG6+h5371
Score

3^/10
behavioral5 behavioral6
- Target
  
  hh.exe
- Size
  
  16KB
- MD5
  
  3d0b9ea79bf1f828324447d84aa9dce2
- SHA1
  
  a42c8c2d26980bdfb10ccceb171bcb24900cf20f
- SHA256
  
  65c2b472d2f5c29b9f3b16ef803a85419c0c0a4088c128c96733584ae4017919
- SHA512
  
  fdec05e0f144f38a0de29589d5608eda4b34e0ea9f1129107d0e9e3210e8f25077402508477c3894557cab1078a99f0bf50e763a59d8c5775359b0308d3fbd33
- SSDEEP
  
  192:qgCqKuj3GrAwis6i2Pom1L2g04AbKS7bkz3Dm5GJ1KDJD/sWcqYr:cuj3GrDl60KL2ln7eyI1KD6WcqY
Score

1^/10
behavioral7 behavioral8
- Target
  
  mssecsvc.exe
- Size
  
  3.6MB
- MD5
  
  2cb069c56956bb9b6e62d393758d61a7
- SHA1
  
  220f4451f7ec2de03b482ddcf28c6ecda3e5366f
- SHA256
  
  0791f5ae5cbeec298082736457292521b23874ae0e77506c4ea12e65e3d2e52f
- SHA512
  
  13f47349f24593b4a0eb3094e816cf5c4bc826dc9a08c0ec9f5a4a55a17412b59fc6cfb2dcadbe1222c35e6d991e05605bf7db98b53557a2c128e831171babf3
- SSDEEP
  
  98304:yDqPoO1aRxcSUDk36SAEdhvxWa9P593RU:yDqPj1Cxcxk3ZAEUadzRU
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3252) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  qeriuwjhrf
- Size
  
  3.4MB
- MD5
  
  d59d6d48c3d6e9292c296e557a186391
- SHA1
  
  7f0916d7befcf929521087cde11b6d94d7331154
- SHA256
  
  905ad8e2fc1f98ab1e934de1d01d85973291ccadd41c85ba1a7dcc3b2af6ed96
- SHA512
  
  7b2fc97070ac47e6596cfe0da96b1b1369feeb4ab62af136f172ee306187cee3e04b68b8f786d7b4b4dee49054d53a33cd8048abdc8cba9853b3e119a08ac23e
- SSDEEP
  
  49152:nQqMSPbcO1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEcaEau3RCgHADO:QqPoO1aRxcSUDk36SAEdhvxWa9P593RH
Score

1^/10
behavioral11 behavioral12
- Target
  
  tasksche.exe
- Size
  
  3.4MB
- MD5
  
  d59d6d48c3d6e9292c296e557a186391
- SHA1
  
  7f0916d7befcf929521087cde11b6d94d7331154
- SHA256
  
  905ad8e2fc1f98ab1e934de1d01d85973291ccadd41c85ba1a7dcc3b2af6ed96
- SHA512
  
  7b2fc97070ac47e6596cfe0da96b1b1369feeb4ab62af136f172ee306187cee3e04b68b8f786d7b4b4dee49054d53a33cd8048abdc8cba9853b3e119a08ac23e
- SSDEEP
  
  49152:nQqMSPbcO1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEcaEau3RCgHADO:QqPoO1aRxcSUDk36SAEdhvxWa9P593RH
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

wannacrydiscoveryransomwareworm

behavioral10

wannacrydiscoveryransomwareworm

behavioral11

behavioral12

behavioral13

behavioral14