wannacry | 25569625a36ca72014b551e8aff1cc163239b4766a434c3bcbfc5bb97cf8dbb1 | Triage

Submit
Reports

Overview

overview

Static

static

3

1391981dda...18.dll

windows7-x64

1391981dda...18.dll

windows10-2004-x64

Sharing

General

Target

1391981dda18f636a0ec142d2f85079d_JaffaCakes118
Size

5.0MB
Sample

240504-t2a6faec48
MD5

1391981dda18f636a0ec142d2f85079d
SHA1

8330f801ca548a037879e0b75447ac3496932810
SHA256

25569625a36ca72014b551e8aff1cc163239b4766a434c3bcbfc5bb97cf8dbb1
SHA512

909a025c2cac752c369e20706483786273786a2dc78a9d1928457c51ff9dfd32cb7e4374b993af8dc049556b3d1f217cfcec3751af5b1af4c4d361e3bfea210e
SSDEEP

49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAfAH:d8qPoBhz1aRxcSUDk36SADH

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1391981dda18f636a0ec142d2f85079d_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1391981dda18f636a0ec142d2f85079d_JaffaCakes118.dll

Resource

win10v2004-20240419-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  1391981dda18f636a0ec142d2f85079d_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  1391981dda18f636a0ec142d2f85079d
- SHA1
  
  8330f801ca548a037879e0b75447ac3496932810
- SHA256
  
  25569625a36ca72014b551e8aff1cc163239b4766a434c3bcbfc5bb97cf8dbb1
- SHA512
  
  909a025c2cac752c369e20706483786273786a2dc78a9d1928457c51ff9dfd32cb7e4374b993af8dc049556b3d1f217cfcec3751af5b1af4c4d361e3bfea210e
- SSDEEP
  
  49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAfAH:d8qPoBhz1aRxcSUDk36SADH
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3305) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy