wannacry | 63f6bf6640811cfbd0cc24092af0999dfaa2fe22e043aedef8b333c04dceaaa3 | Triage

Sharing

General

Target

2024-04-16_5e131ab68cd546b1123f171f1fe6e209_wannacry
Size

2.2MB
Sample

240416-f8zwgscd71
MD5

5e131ab68cd546b1123f171f1fe6e209
SHA1

acaae08e2d65ac628dd7c0b385ae725ae0938b4f
SHA256

63f6bf6640811cfbd0cc24092af0999dfaa2fe22e043aedef8b333c04dceaaa3
SHA512

652ea697965a8166d5aa3c167945acf0696513c9601526293404e9f5f170fef66de8cb4c16333880397c5b496c64db4674aa98b88e79d62e95a823e969281cfe
SSDEEP

49152:QnFQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAgqGi:QeqPoBhz1aRxcSUDk36SAgHi

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-04-16_5e131ab68cd546b1123f171f1fe6e209_wannacry
- Size
  
  2.2MB
- MD5
  
  5e131ab68cd546b1123f171f1fe6e209
- SHA1
  
  acaae08e2d65ac628dd7c0b385ae725ae0938b4f
- SHA256
  
  63f6bf6640811cfbd0cc24092af0999dfaa2fe22e043aedef8b333c04dceaaa3
- SHA512
  
  652ea697965a8166d5aa3c167945acf0696513c9601526293404e9f5f170fef66de8cb4c16333880397c5b496c64db4674aa98b88e79d62e95a823e969281cfe
- SSDEEP
  
  49152:QnFQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAgqGi:QeqPoBhz1aRxcSUDk36SAgHi
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3203) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm