wannacry | 22fbb10ae776c8055d19e88e4d928a65034b641b5f87fe42cf8fa0155dc0c9fe | Triage

Sharing

General

Target

10d266482b6b8ece0dcfbe2b337cf52d_JaffaCakes118
Size

3.6MB
Sample

240503-snretsaa4t
MD5

10d266482b6b8ece0dcfbe2b337cf52d
SHA1

d0c3393cda35c7dc1a8deedc6ef2f7b4476358bc
SHA256

22fbb10ae776c8055d19e88e4d928a65034b641b5f87fe42cf8fa0155dc0c9fe
SHA512

c5fbb1aa3ad4b3dda4e39fd80f5acfe91176fc08392a16616910a2ea8f71f1f588a13d6bbada08f4ab7684dfe058ab9496067900684b133d10172440823214bf
SSDEEP

24576:XbLgddQhfdmMSirYbcMNgef0PXv4t5yg+PfugCKf4taTEh9jpafhDHX6rAJxYjvB:XnAQqMSPbcBV3uH6VgMBJBeFFaP8

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  10d266482b6b8ece0dcfbe2b337cf52d_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  10d266482b6b8ece0dcfbe2b337cf52d
- SHA1
  
  d0c3393cda35c7dc1a8deedc6ef2f7b4476358bc
- SHA256
  
  22fbb10ae776c8055d19e88e4d928a65034b641b5f87fe42cf8fa0155dc0c9fe
- SHA512
  
  c5fbb1aa3ad4b3dda4e39fd80f5acfe91176fc08392a16616910a2ea8f71f1f588a13d6bbada08f4ab7684dfe058ab9496067900684b133d10172440823214bf
- SSDEEP
  
  24576:XbLgddQhfdmMSirYbcMNgef0PXv4t5yg+PfugCKf4taTEh9jpafhDHX6rAJxYjvB:XnAQqMSPbcBV3uH6VgMBJBeFFaP8
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3352) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm