General

  • Target

    2024-05-16_dc3d9057c9085b94b15a676669cfd818_wannacry

  • Size

    3.6MB

  • Sample

    240516-qz3wwsfe3v

  • MD5

    dc3d9057c9085b94b15a676669cfd818

  • SHA1

    2b1065b84cc412db2f54c78d390d3ee729f7461a

  • SHA256

    61f6f665b0b851e8716e8c2409a83cf61314d15aa3f22a389d15728b4efb25ea

  • SHA512

    43d1642e4d20de33542c6099d5a16df1f08d9a6de966d68cfa14ede259e4fdbc64b481ba789982520a02684078dcb9b8140fe24091a68c62fc1ce1f248b42065

  • SSDEEP

    49152:XnAQmEKUacBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:XDmyfBhz1aRxcSUDk36SAEdhv

Targets

    • Target

      2024-05-16_dc3d9057c9085b94b15a676669cfd818_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3200) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
