wannacry | f37ea72f42c0f96a9a638a61dc80ea56cba6e416f08a6d66995d3414010d419d | Triage

Submit
Reports

Overview

overview

Static

static

3

32d9c24575...18.dll

windows7-x64

32d9c24575...18.dll

windows10-2004-x64

Sharing

General

Target

32d9c2457554ed6c883eec0a7c5228a1_JaffaCakes118
Size

5.0MB
Sample

240511-fnkaashd22
MD5

32d9c2457554ed6c883eec0a7c5228a1
SHA1

68f6e1fe94e61e71d5125de5f24f5473726d0092
SHA256

f37ea72f42c0f96a9a638a61dc80ea56cba6e416f08a6d66995d3414010d419d
SHA512

4f6576ef0e88a69a57c44a13ea91d45718963e1fc5b14ac487f4c6fb6dc9b7337d86b6d25fdc51e9dae306d81d908b60ebb5b94ca5cdd5886a86b17d9c7b6232
SSDEEP

98304:TDqPoBhz1aRxcSUDk36SAEys+593R8yAVp2H:TDqPe1Cxcxk3ZAECzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

32d9c2457554ed6c883eec0a7c5228a1_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

32d9c2457554ed6c883eec0a7c5228a1_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  32d9c2457554ed6c883eec0a7c5228a1_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  32d9c2457554ed6c883eec0a7c5228a1
- SHA1
  
  68f6e1fe94e61e71d5125de5f24f5473726d0092
- SHA256
  
  f37ea72f42c0f96a9a638a61dc80ea56cba6e416f08a6d66995d3414010d419d
- SHA512
  
  4f6576ef0e88a69a57c44a13ea91d45718963e1fc5b14ac487f4c6fb6dc9b7337d86b6d25fdc51e9dae306d81d908b60ebb5b94ca5cdd5886a86b17d9c7b6232
- SSDEEP
  
  98304:TDqPoBhz1aRxcSUDk36SAEys+593R8yAVp2H:TDqPe1Cxcxk3ZAECzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3284) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy