wannacry | 1059540482ce72b673633aa38f1c3d98ace883c29eb9de811622a14af361f162 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-04-17...ry.exe

windows7-x64

2024-04-17...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-04-17_d91eef859d8e9b6de6b3b7e0445bf1a2_wannacry
Size

5.0MB
Sample

240417-tab9esee86
MD5

d91eef859d8e9b6de6b3b7e0445bf1a2
SHA1

9a76e0c289446260133a48c205cffbb6ca26e018
SHA256

1059540482ce72b673633aa38f1c3d98ace883c29eb9de811622a14af361f162
SHA512

d37aa36cd225bec95cb6ce8f720336832907f608f3e8ad9a819bc071f20913faaca1561f4e15396c5cc069dbb6ba46f0a186442af6bab41afa8d6a818d70cf58
SSDEEP

49152:QnFQqMSPbcBVQeE1INRx+TSqTdX1HkQo6SAARdhnv:QeqPoBhE1aRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-17_d91eef859d8e9b6de6b3b7e0445bf1a2_wannacry.exe

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-17_d91eef859d8e9b6de6b3b7e0445bf1a2_wannacry.exe

Resource

win10v2004-20240412-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-17_d91eef859d8e9b6de6b3b7e0445bf1a2_wannacry
- Size
  
  5.0MB
- MD5
  
  d91eef859d8e9b6de6b3b7e0445bf1a2
- SHA1
  
  9a76e0c289446260133a48c205cffbb6ca26e018
- SHA256
  
  1059540482ce72b673633aa38f1c3d98ace883c29eb9de811622a14af361f162
- SHA512
  
  d37aa36cd225bec95cb6ce8f720336832907f608f3e8ad9a819bc071f20913faaca1561f4e15396c5cc069dbb6ba46f0a186442af6bab41afa8d6a818d70cf58
- SSDEEP
  
  49152:QnFQqMSPbcBVQeE1INRx+TSqTdX1HkQo6SAARdhnv:QeqPoBhE1aRxcSUDk36SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3200) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy