wannacry | 40edeb33f019610081f6f5a99bb9318d5f0b57c9bf672af7187031a64ba22086 | Triage

Submit
Reports

Overview

overview

Static

static

3

0160c0d1ff...18.exe

windows7-x64

0160c0d1ff...18.exe

windows10-2004-x64

Sharing

General

Target

0160c0d1ff5874e9f9e8f7d19c685b3d_JaffaCakes118
Size

3.6MB
Sample

240426-wymfeaac4w
MD5

0160c0d1ff5874e9f9e8f7d19c685b3d
SHA1

776fe0670e0e63d93f9d76895ce2e2a0e8c7c229
SHA256

40edeb33f019610081f6f5a99bb9318d5f0b57c9bf672af7187031a64ba22086
SHA512

121b6a6897043f228db90034ab00732e7f107a9ec427e300a752440ff676c6c57966d21bebff6671d3e475a8a84e327cca2b77657234ac326376acba73531109
SSDEEP

12288:GebLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7v:XbLgddQhfdmMSirYbcMNge7

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0160c0d1ff5874e9f9e8f7d19c685b3d_JaffaCakes118.exe

Resource

win7-20240220-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0160c0d1ff5874e9f9e8f7d19c685b3d_JaffaCakes118.exe

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  0160c0d1ff5874e9f9e8f7d19c685b3d_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  0160c0d1ff5874e9f9e8f7d19c685b3d
- SHA1
  
  776fe0670e0e63d93f9d76895ce2e2a0e8c7c229
- SHA256
  
  40edeb33f019610081f6f5a99bb9318d5f0b57c9bf672af7187031a64ba22086
- SHA512
  
  121b6a6897043f228db90034ab00732e7f107a9ec427e300a752440ff676c6c57966d21bebff6671d3e475a8a84e327cca2b77657234ac326376acba73531109
- SSDEEP
  
  12288:GebLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7v:XbLgddQhfdmMSirYbcMNge7
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3302) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy