wannacry | 554f9a45ff13004de1e16fab4be1e467374f940a963cc9ce65d2906f0c54857a | Triage

Resubmissions

18-05-2024 08:15

240518-j5t3lsbc4v 10

18-05-2024 07:00

240518-hstqmsgg9w 10

18-05-2024 06:28

240518-g8smvafg7y 10

Sharing

General

Target

53606881d4f8b4934c5ade1947e88bc9_JaffaCakes118
Size

5.0MB
Sample

240518-j5t3lsbc4v
MD5

53606881d4f8b4934c5ade1947e88bc9
SHA1

5588e92d9be1ced63f3f9c6514a1a4a0ed90995e
SHA256

554f9a45ff13004de1e16fab4be1e467374f940a963cc9ce65d2906f0c54857a
SHA512

d431c39be859d8ce73c2e12a5cbf6d538540fdb9811b85cc65fde9bb2e3336ab3af5e80f6cf77c10a768e3f45cc8b699980f9a04bb909c3238be5d0ad853948e
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9yLGp2H:+DqPe1Cxcxk3ZAEUaYS4H

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  53606881d4f8b4934c5ade1947e88bc9_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  53606881d4f8b4934c5ade1947e88bc9
- SHA1
  
  5588e92d9be1ced63f3f9c6514a1a4a0ed90995e
- SHA256
  
  554f9a45ff13004de1e16fab4be1e467374f940a963cc9ce65d2906f0c54857a
- SHA512
  
  d431c39be859d8ce73c2e12a5cbf6d538540fdb9811b85cc65fde9bb2e3336ab3af5e80f6cf77c10a768e3f45cc8b699980f9a04bb909c3238be5d0ad853948e
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9yLGp2H:+DqPe1Cxcxk3ZAEUaYS4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2637) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm