wannacry | 1e843da35f4ffa5118cabb17f0a339fd89141875c38bbaa18abb1105a77c779a | Triage

Submit
Reports

Overview

overview

Static

static

3

183d59acfb...18.dll

windows7-x64

183d59acfb...18.dll

windows10-2004-x64

Sharing

General

Target

183d59acfb1081bd87974feefe7ff7a1_JaffaCakes118
Size

5.0MB
Sample

240505-sgxchagf22
MD5

183d59acfb1081bd87974feefe7ff7a1
SHA1

5eea1742ce3694b8fc00db428c77b1edaf28fe79
SHA256

1e843da35f4ffa5118cabb17f0a339fd89141875c38bbaa18abb1105a77c779a
SHA512

4468dfbe1f0f0b26f65879a20308fb1b0daa832db6531553e962241c8bde336727453af0d9b0802b463f2d616a92c46b657e2f03d50f4eef975ea31c576fea6f
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAjCx1cEeeCtM:+DqPoBhz1aRxcSUDk36SA3xyE1Ce

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

183d59acfb1081bd87974feefe7ff7a1_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

183d59acfb1081bd87974feefe7ff7a1_JaffaCakes118.dll

Resource

win10v2004-20240419-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  183d59acfb1081bd87974feefe7ff7a1_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  183d59acfb1081bd87974feefe7ff7a1
- SHA1
  
  5eea1742ce3694b8fc00db428c77b1edaf28fe79
- SHA256
  
  1e843da35f4ffa5118cabb17f0a339fd89141875c38bbaa18abb1105a77c779a
- SHA512
  
  4468dfbe1f0f0b26f65879a20308fb1b0daa832db6531553e962241c8bde336727453af0d9b0802b463f2d616a92c46b657e2f03d50f4eef975ea31c576fea6f
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAjCx1cEeeCtM:+DqPoBhz1aRxcSUDk36SA3xyE1Ce
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3013) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy