wannacry | 9e7ccdb8b108976057d14f9c2074bf8366d9533ebc58c607ff8976693455df65 | Triage

Submit
Reports

Overview

overview

Static

static

3

01028b2b86...18.dll

windows7-x64

01028b2b86...18.dll

windows10-2004-x64

Sharing

General

Target

01028b2b86548e8c91fc9db5aca4cad2_JaffaCakes118
Size

5.0MB
Sample

240426-r6vdrsdh35
MD5

01028b2b86548e8c91fc9db5aca4cad2
SHA1

bb55d2c339fc64ae823e9025bae6579e23fd895a
SHA256

9e7ccdb8b108976057d14f9c2074bf8366d9533ebc58c607ff8976693455df65
SHA512

77da67ea8c0265af3ff5f3323f0a0fab02feb275e4578f1e09a50f4bdc1623313d3e9850e5933c6e4d0b7adb343b1969a82d16e2d7597f3eb28263a1f4707fea
SSDEEP

24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLTkRiwDnz9cEA5yYSZxN0:SnAQqMSPbcBVQej/1INnkRiwt/Zx+

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01028b2b86548e8c91fc9db5aca4cad2_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

01028b2b86548e8c91fc9db5aca4cad2_JaffaCakes118.dll

Resource

win10v2004-20240419-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  01028b2b86548e8c91fc9db5aca4cad2_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  01028b2b86548e8c91fc9db5aca4cad2
- SHA1
  
  bb55d2c339fc64ae823e9025bae6579e23fd895a
- SHA256
  
  9e7ccdb8b108976057d14f9c2074bf8366d9533ebc58c607ff8976693455df65
- SHA512
  
  77da67ea8c0265af3ff5f3323f0a0fab02feb275e4578f1e09a50f4bdc1623313d3e9850e5933c6e4d0b7adb343b1969a82d16e2d7597f3eb28263a1f4707fea
- SSDEEP
  
  24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLTkRiwDnz9cEA5yYSZxN0:SnAQqMSPbcBVQej/1INnkRiwt/Zx+
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3298) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy