wannacry | 543b7b9393bd9202177b9ab87b27351818c8ad497a4c98eac678cb893f2a66b0 | Triage

Submit
Reports

Overview

overview

Static

static

3

2e81b88e80...18.dll

windows7-x64

2e81b88e80...18.dll

windows10-2004-x64

Sharing

General

Target

2e81b88e80f28aec66d7cd5133ecc2f9_JaffaCakes118
Size

5.0MB
Sample

240510-lnj77aag72
MD5

2e81b88e80f28aec66d7cd5133ecc2f9
SHA1

94035e850ee7a618473d53c2f592895f654600b0
SHA256

543b7b9393bd9202177b9ab87b27351818c8ad497a4c98eac678cb893f2a66b0
SHA512

9d94bc5d0a1d685c06d1bd4eed74fb0f47c8de65b71bbd010e93f708f8d8e9214e27697d35a5ce3c91e610a192d6f68f327477a7e3abb80d5e2104a0b27ade72
SSDEEP

98304:+DqPoB5xcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPGxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e81b88e80f28aec66d7cd5133ecc2f9_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2e81b88e80f28aec66d7cd5133ecc2f9_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2e81b88e80f28aec66d7cd5133ecc2f9_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  2e81b88e80f28aec66d7cd5133ecc2f9
- SHA1
  
  94035e850ee7a618473d53c2f592895f654600b0
- SHA256
  
  543b7b9393bd9202177b9ab87b27351818c8ad497a4c98eac678cb893f2a66b0
- SHA512
  
  9d94bc5d0a1d685c06d1bd4eed74fb0f47c8de65b71bbd010e93f708f8d8e9214e27697d35a5ce3c91e610a192d6f68f327477a7e3abb80d5e2104a0b27ade72
- SSDEEP
  
  98304:+DqPoB5xcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPGxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3124) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy