wannacry | f0459f64c92eb91fc582f8c7923ff71e15d9b2dbe5c95c40ced4d6d01e153c9a | Triage

Submit
Reports

Overview

overview

Static

static

3

359489bee7...18.dll

windows7-x64

359489bee7...18.dll

windows10-2004-x64

Sharing

General

Target

359489bee79016a277b8f51b0a181a04_JaffaCakes118
Size

5.0MB
Sample

240511-vbzlsaah88
MD5

359489bee79016a277b8f51b0a181a04
SHA1

f18d53d62bd048214bd1ff601239a4132cc67883
SHA256

f0459f64c92eb91fc582f8c7923ff71e15d9b2dbe5c95c40ced4d6d01e153c9a
SHA512

522e5108f826320c864a1dc9d9351e095f942cebc5d1a41f769bdb76ef89e8157513147d66cd697b0fcd639ba59f5ea2db1c14600de0c7cfdb4b829160e803e3
SSDEEP

49152:znAQqMSPbcBVQej/1xxJM0H9PAMEcaEau3R8x:TDqPoBhz1xxWa9P593R8

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

359489bee79016a277b8f51b0a181a04_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

359489bee79016a277b8f51b0a181a04_JaffaCakes118.dll

Resource

win10v2004-20240226-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  359489bee79016a277b8f51b0a181a04_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  359489bee79016a277b8f51b0a181a04
- SHA1
  
  f18d53d62bd048214bd1ff601239a4132cc67883
- SHA256
  
  f0459f64c92eb91fc582f8c7923ff71e15d9b2dbe5c95c40ced4d6d01e153c9a
- SHA512
  
  522e5108f826320c864a1dc9d9351e095f942cebc5d1a41f769bdb76ef89e8157513147d66cd697b0fcd639ba59f5ea2db1c14600de0c7cfdb4b829160e803e3
- SSDEEP
  
  49152:znAQqMSPbcBVQej/1xxJM0H9PAMEcaEau3R8x:TDqPoBhz1xxWa9P593R8
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3233) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy