wannacry | fc876af5eaef6fece93d5de99c403837eaf370558a206fb8ed37abfbe838d7c6 | Triage

Submit
Reports

Overview

overview

Static

static

3

15e4ec8db5...18.dll

windows7-x64

15e4ec8db5...18.dll

windows10-2004-x64

Sharing

General

Target

15e4ec8db5c9de6f88683e7af25b00aa_JaffaCakes118
Size

5.0MB
Sample

240505-emxzbshe55
MD5

15e4ec8db5c9de6f88683e7af25b00aa
SHA1

0aec8e94906404bb96aec4b9bcb11ecf5d135f92
SHA256

fc876af5eaef6fece93d5de99c403837eaf370558a206fb8ed37abfbe838d7c6
SHA512

569999ba8c96ecced0d45f93e59f0913e340a3ae97780a181067ef79e4abc20f6ea0ba008d76b37f7fc2425b9e84df2a5380f9c1d2f53a68c9aff48c32b7ab79
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P593:+DqPe1Cxcxk3ZAEUadz

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15e4ec8db5c9de6f88683e7af25b00aa_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

15e4ec8db5c9de6f88683e7af25b00aa_JaffaCakes118.dll

Resource

win10v2004-20240419-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  15e4ec8db5c9de6f88683e7af25b00aa_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  15e4ec8db5c9de6f88683e7af25b00aa
- SHA1
  
  0aec8e94906404bb96aec4b9bcb11ecf5d135f92
- SHA256
  
  fc876af5eaef6fece93d5de99c403837eaf370558a206fb8ed37abfbe838d7c6
- SHA512
  
  569999ba8c96ecced0d45f93e59f0913e340a3ae97780a181067ef79e4abc20f6ea0ba008d76b37f7fc2425b9e84df2a5380f9c1d2f53a68c9aff48c32b7ab79
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P593:+DqPe1Cxcxk3ZAEUadz
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3207) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy