wannacry | 260dd2a52674913188e9ab661bec987c7f421fcb028aeacd6c20f7f2e2acaa30 | Triage

Sharing

General

Target

15f52fa392a8b4b15b338aa77842624d_JaffaCakes118
Size

3.6MB
Sample

240505-ezkjrseg8y
MD5

15f52fa392a8b4b15b338aa77842624d
SHA1

918613244d6e0bd95c1f588b9797e1c40f69bcbf
SHA256

260dd2a52674913188e9ab661bec987c7f421fcb028aeacd6c20f7f2e2acaa30
SHA512

351ca5f6693c06087b3fac40fb96fdbb426dc9c552b0c3bfb9ab5c5d10c85099e9638a3cde7f7f12cdd25803610724751c4620753431f56b54e73194c1f08e4c
SSDEEP

49152:2nAQqMSPbcBVQej/1IiRdhnvxJM0H9PAMEcaEau3R8yAH1plAHI:yDqPoBhz1ZdhvxWa9P593R8yAVp2HI

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  15f52fa392a8b4b15b338aa77842624d_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  15f52fa392a8b4b15b338aa77842624d
- SHA1
  
  918613244d6e0bd95c1f588b9797e1c40f69bcbf
- SHA256
  
  260dd2a52674913188e9ab661bec987c7f421fcb028aeacd6c20f7f2e2acaa30
- SHA512
  
  351ca5f6693c06087b3fac40fb96fdbb426dc9c552b0c3bfb9ab5c5d10c85099e9638a3cde7f7f12cdd25803610724751c4620753431f56b54e73194c1f08e4c
- SSDEEP
  
  49152:2nAQqMSPbcBVQej/1IiRdhnvxJM0H9PAMEcaEau3R8yAH1plAHI:yDqPoBhz1ZdhvxWa9P593R8yAVp2HI
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3272) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm