wannacry | 153929445ac39d8a8c9282d2117490af0a0e59acc5ba028d468f2c7cbaf87774 | Triage

Submit
Reports

Overview

overview

Static

static

3

2822247ae2...18.dll

windows7-x64

2822247ae2...18.dll

windows10-2004-x64

Sharing

General

Target

2822247ae20305e9fef73497b61faf7c_JaffaCakes118
Size

5.0MB
Sample

240509-d76ljabe28
MD5

2822247ae20305e9fef73497b61faf7c
SHA1

88f31096f6ca717d0d8e359cdf6f23f022027f74
SHA256

153929445ac39d8a8c9282d2117490af0a0e59acc5ba028d468f2c7cbaf87774
SHA512

97e1f6f7a5e77365f5c071f2245f000baee54bad6c01300cc587234034052520597e41cadd759287591411814447b1ef6dbeca783b63bf8f8bb0ecc26747caed
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9vyAVp2H:+DqPe1Cxcxk3ZAEUalyc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2822247ae20305e9fef73497b61faf7c_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2822247ae20305e9fef73497b61faf7c_JaffaCakes118.dll

Resource

win10v2004-20240226-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2822247ae20305e9fef73497b61faf7c_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  2822247ae20305e9fef73497b61faf7c
- SHA1
  
  88f31096f6ca717d0d8e359cdf6f23f022027f74
- SHA256
  
  153929445ac39d8a8c9282d2117490af0a0e59acc5ba028d468f2c7cbaf87774
- SHA512
  
  97e1f6f7a5e77365f5c071f2245f000baee54bad6c01300cc587234034052520597e41cadd759287591411814447b1ef6dbeca783b63bf8f8bb0ecc26747caed
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9vyAVp2H:+DqPe1Cxcxk3ZAEUalyc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3302) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy