wannacry | 5f6d6a6548884d0efc29d1019600fabe79dceebdd1eb6f43cd6c6f825c299114 | Triage

Sharing

General

Target

12eeb15b25510e632e27a0aab98e4ec4_JaffaCakes118
Size

5.0MB
Sample

240504-qpgkxafb4z
MD5

12eeb15b25510e632e27a0aab98e4ec4
SHA1

05e03714369de5050f75bd8fab609f15197743f2
SHA256

5f6d6a6548884d0efc29d1019600fabe79dceebdd1eb6f43cd6c6f825c299114
SHA512

2fa8dc20f661f90ed8fe52a9fc6383826c93c44791a6aa2aea9abb0815d8b6727faf5ae0f15075ccb78f1682f732b5fbe35a4cefc033a0c5c389b96c5f12c673
SSDEEP

49152:CnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAC:uDqPoBhz1aRxcSUDk36SAz

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  12eeb15b25510e632e27a0aab98e4ec4_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  12eeb15b25510e632e27a0aab98e4ec4
- SHA1
  
  05e03714369de5050f75bd8fab609f15197743f2
- SHA256
  
  5f6d6a6548884d0efc29d1019600fabe79dceebdd1eb6f43cd6c6f825c299114
- SHA512
  
  2fa8dc20f661f90ed8fe52a9fc6383826c93c44791a6aa2aea9abb0815d8b6727faf5ae0f15075ccb78f1682f732b5fbe35a4cefc033a0c5c389b96c5f12c673
- SSDEEP
  
  49152:CnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAC:uDqPoBhz1aRxcSUDk36SAz
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3302) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm