wannacry | e2735fde7f0e3a5885bd9bd379bc5b1ad6d28773bdb685fbe9ca67c06cc402f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

0e1956d3b9...18.dll

windows7-x64

0e1956d3b9...18.dll

windows10-2004-x64

Sharing

General

Target

0e1956d3b9b2509a88a368e654a40b32_JaffaCakes118
Size

5.0MB
Sample

240502-k8rmbsga32
MD5

0e1956d3b9b2509a88a368e654a40b32
SHA1

80a2d4aeb83793b7b67698b9f983b179c24c2fa4
SHA256

e2735fde7f0e3a5885bd9bd379bc5b1ad6d28773bdb685fbe9ca67c06cc402f8
SHA512

c105f4cca3385b8134aff49a912d8239e4b9c871067bc968d0a7c070a972a04def3cc26fe3b3d102e6c50f6d3420ac51a6ca47f186cca3f63f074e78673849fa
SSDEEP

98304:+DqPoBhJ1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPs1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0e1956d3b9b2509a88a368e654a40b32_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e1956d3b9b2509a88a368e654a40b32_JaffaCakes118.dll

Resource

win10v2004-20240419-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e1956d3b9b2509a88a368e654a40b32_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  0e1956d3b9b2509a88a368e654a40b32
- SHA1
  
  80a2d4aeb83793b7b67698b9f983b179c24c2fa4
- SHA256
  
  e2735fde7f0e3a5885bd9bd379bc5b1ad6d28773bdb685fbe9ca67c06cc402f8
- SHA512
  
  c105f4cca3385b8134aff49a912d8239e4b9c871067bc968d0a7c070a972a04def3cc26fe3b3d102e6c50f6d3420ac51a6ca47f186cca3f63f074e78673849fa
- SSDEEP
  
  98304:+DqPoBhJ1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPs1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3270) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy