wannacry | 60816bcab52669039f9f35dfefaf114279832402aa81f481df7b203ac989c081 | Triage

Submit
Reports

Overview

overview

Static

static

3

0fadb97588...18.dll

windows7-x64

0fadb97588...18.dll

windows10-2004-x64

Sharing

General

Target

0fadb975887f58eb432387e86f0465b2_JaffaCakes118
Size

5.0MB
Sample

240503-e6el4ahc58
MD5

0fadb975887f58eb432387e86f0465b2
SHA1

fbf5d8d2759305b15891657f6b60fd53b2d09d34
SHA256

60816bcab52669039f9f35dfefaf114279832402aa81f481df7b203ac989c081
SHA512

e710407fbaf5c43236113d6a764d783204c58bac764cf2b6e9b90045d23ff077b258fadbb37fec5aa040aeaa5a3ef4d17d69fe1be2c78355d10e8154652b1b64
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P59UcryAVkE:+DqPe1Cxcxk3ZAEUad7yck

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fadb975887f58eb432387e86f0465b2_JaffaCakes118.dll

Resource

win7-20240419-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fadb975887f58eb432387e86f0465b2_JaffaCakes118.dll

Resource

win10v2004-20240419-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  0fadb975887f58eb432387e86f0465b2_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  0fadb975887f58eb432387e86f0465b2
- SHA1
  
  fbf5d8d2759305b15891657f6b60fd53b2d09d34
- SHA256
  
  60816bcab52669039f9f35dfefaf114279832402aa81f481df7b203ac989c081
- SHA512
  
  e710407fbaf5c43236113d6a764d783204c58bac764cf2b6e9b90045d23ff077b258fadbb37fec5aa040aeaa5a3ef4d17d69fe1be2c78355d10e8154652b1b64
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P59UcryAVkE:+DqPe1Cxcxk3ZAEUad7yck
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3348) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy