wannacry | b344f5188b656c7793b071d8fa426594bccc088850daa754fca36aea5a02336f | Triage

Submit
Reports

Overview

overview

Static

static

3

532d2aa524...18.dll

windows7-x64

532d2aa524...18.dll

windows10-2004-x64

Sharing

General

Target

532d2aa524c740fb4a2872f3a2e832ed_JaffaCakes118
Size

5.0MB
Sample

240518-fyfd4add6z
MD5

532d2aa524c740fb4a2872f3a2e832ed
SHA1

c7a3793513330e3506c63c3b96d15587961b7cb3
SHA256

b344f5188b656c7793b071d8fa426594bccc088850daa754fca36aea5a02336f
SHA512

40c192ae6dc85c1efb25ee5d29f657026de40221b79932c5def962b5da98456d79d56692a8c1d190fc8a40b75c8dcad3564e0f79bbbd33e9df237faabbff730b
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:+DqPoBhz1aRxcSUDk36SA

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

532d2aa524c740fb4a2872f3a2e832ed_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

532d2aa524c740fb4a2872f3a2e832ed_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  532d2aa524c740fb4a2872f3a2e832ed_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  532d2aa524c740fb4a2872f3a2e832ed
- SHA1
  
  c7a3793513330e3506c63c3b96d15587961b7cb3
- SHA256
  
  b344f5188b656c7793b071d8fa426594bccc088850daa754fca36aea5a02336f
- SHA512
  
  40c192ae6dc85c1efb25ee5d29f657026de40221b79932c5def962b5da98456d79d56692a8c1d190fc8a40b75c8dcad3564e0f79bbbd33e9df237faabbff730b
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:+DqPoBhz1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3236) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy