wannacry | 3fa6793e482dbadb9d0fac3df073069cab4c2357364da257a189b771b10dabfb | Triage

Submit
Reports

Overview

overview

Static

static

3

18ebccf4fd...18.dll

windows7-x64

18ebccf4fd...18.dll

windows10-2004-x64

Sharing

General

Target

18ebccf4fd90235a68b37d676d7ed9c5_JaffaCakes118
Size

5.0MB
Sample

240505-xremnaae21
MD5

18ebccf4fd90235a68b37d676d7ed9c5
SHA1

2ce147e191aa1a4b4803a353a2a6d1a956051920
SHA256

3fa6793e482dbadb9d0fac3df073069cab4c2357364da257a189b771b10dabfb
SHA512

d1cb5bc612572a778cf56d56a078cb9648fbf145c24b302b767d762b21c8e6e1f989f53271ee9e041c57a44aaa6f2b1284017638c2b2192078fdeef85cbdc0d5
SSDEEP

98304:+DqPoBhzLxcSUDk36SAEdhvxWa903RA2H:+DqPeLxcxk3ZAEUaERvH

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

18ebccf4fd90235a68b37d676d7ed9c5_JaffaCakes118.dll

Resource

win7-20240220-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

18ebccf4fd90235a68b37d676d7ed9c5_JaffaCakes118.dll

Resource

win10v2004-20240226-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  18ebccf4fd90235a68b37d676d7ed9c5_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  18ebccf4fd90235a68b37d676d7ed9c5
- SHA1
  
  2ce147e191aa1a4b4803a353a2a6d1a956051920
- SHA256
  
  3fa6793e482dbadb9d0fac3df073069cab4c2357364da257a189b771b10dabfb
- SHA512
  
  d1cb5bc612572a778cf56d56a078cb9648fbf145c24b302b767d762b21c8e6e1f989f53271ee9e041c57a44aaa6f2b1284017638c2b2192078fdeef85cbdc0d5
- SSDEEP
  
  98304:+DqPoBhzLxcSUDk36SAEdhvxWa903RA2H:+DqPeLxcxk3ZAEUaERvH
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3311) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy