wannacry | 896f063efc74968f6604452f1ecc3f468866641860b15f89c013535a625ab501 | Triage

Submit
Reports

Overview

overview

Static

static

3

4f36ba41ce...18.dll

windows7-x64

4f36ba41ce...18.dll

windows10-2004-x64

Sharing

General

Target

4f36ba41ce8bdc804b50bf43b36547bd_JaffaCakes118
Size

5.0MB
Sample

240517-kpgb9aad54
MD5

4f36ba41ce8bdc804b50bf43b36547bd
SHA1

35e90bcc8648b303a9f58568d067a684b020e018
SHA256

896f063efc74968f6604452f1ecc3f468866641860b15f89c013535a625ab501
SHA512

0b853fd08c19be2d6ab7a75e121b3d27747e76ef7dcd168b78ec8c9572c67287d32143839a095ae05afaa2c6dde0066d61dadf081e3a15e301762d7766156933
SSDEEP

98304:d8qPoBhz1aRxcSUDk36SAvxWa9P593R8yAVp2H:d8qPe1Cxcxk3ZAYadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4f36ba41ce8bdc804b50bf43b36547bd_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f36ba41ce8bdc804b50bf43b36547bd_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f36ba41ce8bdc804b50bf43b36547bd_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  4f36ba41ce8bdc804b50bf43b36547bd
- SHA1
  
  35e90bcc8648b303a9f58568d067a684b020e018
- SHA256
  
  896f063efc74968f6604452f1ecc3f468866641860b15f89c013535a625ab501
- SHA512
  
  0b853fd08c19be2d6ab7a75e121b3d27747e76ef7dcd168b78ec8c9572c67287d32143839a095ae05afaa2c6dde0066d61dadf081e3a15e301762d7766156933
- SSDEEP
  
  98304:d8qPoBhz1aRxcSUDk36SAvxWa9P593R8yAVp2H:d8qPe1Cxcxk3ZAYadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3242) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy