wannacry | 4cf3edfc40c751ad00bac5fa0b6edf900d3860adfa7273b7012597e4a8072e71 | Triage

Sharing

General

Target

2024-05-12_420d951178530755da22fa4ecdb4231e_wannacry
Size

5.0MB
Sample

240512-q2t2rscb83
MD5

420d951178530755da22fa4ecdb4231e
SHA1

ecd41430ea40ef03ab446691b2db41495a06647f
SHA256

4cf3edfc40c751ad00bac5fa0b6edf900d3860adfa7273b7012597e4a8072e71
SHA512

373a87464d863e2f8201409fff04dfa01081b0cbf7c5b932ec2f07ecbb0aedfcca7d0fa6feb6226ec9fea84cca737125555411f16e68188c6739fc6771d0d21f
SSDEEP

24576:2bLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626nSk+RdhAdmv:2nAQqMSPbcBVQej/1INRAARdhnv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-05-12_420d951178530755da22fa4ecdb4231e_wannacry
- Size
  
  5.0MB
- MD5
  
  420d951178530755da22fa4ecdb4231e
- SHA1
  
  ecd41430ea40ef03ab446691b2db41495a06647f
- SHA256
  
  4cf3edfc40c751ad00bac5fa0b6edf900d3860adfa7273b7012597e4a8072e71
- SHA512
  
  373a87464d863e2f8201409fff04dfa01081b0cbf7c5b932ec2f07ecbb0aedfcca7d0fa6feb6226ec9fea84cca737125555411f16e68188c6739fc6771d0d21f
- SSDEEP
  
  24576:2bLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626nSk+RdhAdmv:2nAQqMSPbcBVQej/1INRAARdhnv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3183) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm