wannacry | 8a194df66c613bbee35aad257f2e99877417bc162e2db05bd6b05e5db10fe046 | Triage

Submit
Reports

Overview

overview

Static

static

3

3324dfb0a1...18.dll

windows7-x64

3324dfb0a1...18.dll

windows10-2004-x64

Sharing

General

Target

3324dfb0a132ac79465a5e94549872f7_JaffaCakes118
Size

5.0MB
Sample

240511-gzs71shh5v
MD5

3324dfb0a132ac79465a5e94549872f7
SHA1

259e5a0e5d2eead2be8324bf85f9125e1ff2e4fe
SHA256

8a194df66c613bbee35aad257f2e99877417bc162e2db05bd6b05e5db10fe046
SHA512

3388f9b9171b86fefbb275efdcf8e9c2dfdb2c9204a0a72c982fc93166b36937d830d7aaaf282358124ad4d592d05377994b8a35660da9fc968414a33c0f6313
SSDEEP

49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQ9xJM0H9PAMEcaEau3R8yAH:TDqPoBhz1aRxcSUDkoxWa9P593R8yA

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3324dfb0a132ac79465a5e94549872f7_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3324dfb0a132ac79465a5e94549872f7_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  3324dfb0a132ac79465a5e94549872f7_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  3324dfb0a132ac79465a5e94549872f7
- SHA1
  
  259e5a0e5d2eead2be8324bf85f9125e1ff2e4fe
- SHA256
  
  8a194df66c613bbee35aad257f2e99877417bc162e2db05bd6b05e5db10fe046
- SHA512
  
  3388f9b9171b86fefbb275efdcf8e9c2dfdb2c9204a0a72c982fc93166b36937d830d7aaaf282358124ad4d592d05377994b8a35660da9fc968414a33c0f6313
- SSDEEP
  
  49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQ9xJM0H9PAMEcaEau3R8yAH:TDqPoBhz1aRxcSUDkoxWa9P593R8yA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3170) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy