wannacry | 7f4f9e802b445f2fb2c3aebdb8641c993ab5614c2ed3db439dcf5c0593614552 | Triage

Submit
Reports

Overview

overview

Static

static

3

36b046ce73...18.dll

windows7-x64

36b046ce73...18.dll

windows10-2004-x64

Sharing

General

Target

36b046ce73c61f80ad02c9b984bcf892_JaffaCakes118
Size

5.0MB
Sample

240511-1ktd1sae3t
MD5

36b046ce73c61f80ad02c9b984bcf892
SHA1

c78569432c1c25564e221ec13663b65ad88e2ec9
SHA256

7f4f9e802b445f2fb2c3aebdb8641c993ab5614c2ed3db439dcf5c0593614552
SHA512

6f0f62a145f7045581e2a86bed28c4d2e0ca898cda91cab7af025d09cd420bcec363c2a659d4e05d3450bd03b412e3fe73b01aa3248e938be5340c375eaeae44
SSDEEP

98304:+DqPoBLaRvk36SAEdhvxWa9P593R8yAVp2H:+DqPyCvk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

36b046ce73c61f80ad02c9b984bcf892_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

36b046ce73c61f80ad02c9b984bcf892_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  36b046ce73c61f80ad02c9b984bcf892_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  36b046ce73c61f80ad02c9b984bcf892
- SHA1
  
  c78569432c1c25564e221ec13663b65ad88e2ec9
- SHA256
  
  7f4f9e802b445f2fb2c3aebdb8641c993ab5614c2ed3db439dcf5c0593614552
- SHA512
  
  6f0f62a145f7045581e2a86bed28c4d2e0ca898cda91cab7af025d09cd420bcec363c2a659d4e05d3450bd03b412e3fe73b01aa3248e938be5340c375eaeae44
- SSDEEP
  
  98304:+DqPoBLaRvk36SAEdhvxWa9P593R8yAVp2H:+DqPyCvk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3351) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy