wannacry | a274d7771f1d7d0ef7133f3a00502267c7d03c48f4a491b075527915dc95c329 | Triage

Submit
Reports

Overview

overview

Static

static

3

56ebabfe5a...18.dll

windows7-x64

56ebabfe5a...18.dll

windows10-2004-x64

Sharing

General

Target

56ebabfe5ac52c06923fa1fd5e76fd49_JaffaCakes118
Size

5.0MB
Sample

240518-1gvsnsgh8w
MD5

56ebabfe5ac52c06923fa1fd5e76fd49
SHA1

307f347723d234984a2f1c152325a12f0d1ec333
SHA256

a274d7771f1d7d0ef7133f3a00502267c7d03c48f4a491b075527915dc95c329
SHA512

212469b9559b1ee55fe026719499e9330737972c9951104c0dd9e74a31d715be2ac7314c07d7e17f143e894bb7b898133bf4a3f9fd851a57bc663ec259bc8008
SSDEEP

24576:zbLgddQhfdmMSirYbcMNgef0QeQjGL4kqAH1pNZtA0p+9XEk:znAQqMSPbcBVQejLyAH1plAH

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

56ebabfe5ac52c06923fa1fd5e76fd49_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

56ebabfe5ac52c06923fa1fd5e76fd49_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  56ebabfe5ac52c06923fa1fd5e76fd49_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  56ebabfe5ac52c06923fa1fd5e76fd49
- SHA1
  
  307f347723d234984a2f1c152325a12f0d1ec333
- SHA256
  
  a274d7771f1d7d0ef7133f3a00502267c7d03c48f4a491b075527915dc95c329
- SHA512
  
  212469b9559b1ee55fe026719499e9330737972c9951104c0dd9e74a31d715be2ac7314c07d7e17f143e894bb7b898133bf4a3f9fd851a57bc663ec259bc8008
- SSDEEP
  
  24576:zbLgddQhfdmMSirYbcMNgef0QeQjGL4kqAH1pNZtA0p+9XEk:znAQqMSPbcBVQejLyAH1plAH
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3299) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy