wannacry | 5b2808345ab06d02c2b5194562e941696832b4dadef36d72753481f909613d1e | Triage

Submit
Reports

Overview

overview

Static

static

3

50a304fcb6...18.exe

windows7-x64

50a304fcb6...18.exe

windows10-2004-x64

Sharing

General

Target

50a304fcb6afbfeb58ffe10d125f8760_JaffaCakes118
Size

3.6MB
Sample

240517-vz7x3aae26
MD5

50a304fcb6afbfeb58ffe10d125f8760
SHA1

466f32e13f101785bc1567091e22574ee8bc7a7e
SHA256

5b2808345ab06d02c2b5194562e941696832b4dadef36d72753481f909613d1e
SHA512

c823ee5be8ab8c138d2af24f40cd42a7debf25e40f708aaed1db4783dbfdc38c81e2f29e651d5ecc59dcb68319524f8087328e6a72f26f2c60a7825c6d53aa4b
SSDEEP

98304:XDqPoBhz1aRxcSUZk36SAEdhvxWa9P593R8yA:XDqPe1Cxc7k3ZAEUadzR8y

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

50a304fcb6afbfeb58ffe10d125f8760_JaffaCakes118.exe

Resource

win7-20240215-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

50a304fcb6afbfeb58ffe10d125f8760_JaffaCakes118.exe

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  50a304fcb6afbfeb58ffe10d125f8760_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  50a304fcb6afbfeb58ffe10d125f8760
- SHA1
  
  466f32e13f101785bc1567091e22574ee8bc7a7e
- SHA256
  
  5b2808345ab06d02c2b5194562e941696832b4dadef36d72753481f909613d1e
- SHA512
  
  c823ee5be8ab8c138d2af24f40cd42a7debf25e40f708aaed1db4783dbfdc38c81e2f29e651d5ecc59dcb68319524f8087328e6a72f26f2c60a7825c6d53aa4b
- SSDEEP
  
  98304:XDqPoBhz1aRxcSUZk36SAEdhvxWa9P593R8yA:XDqPe1Cxc7k3ZAEUadzR8y
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3343) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy