wannacry | 4434d6c1a3d738888f8c7cbe2e6a330f29e72a7968ed396943a6cb06c89c6dbf | Triage

Submit
Reports

Overview

overview

Static

static

3

5c7fcd7038...18.dll

windows7-x64

5c7fcd7038...18.dll

windows10-2004-x64

Sharing

General

Target

5c7fcd7038bd79f135f1411b8e9a40cf_JaffaCakes118
Size

5.0MB
Sample

240520-bx5v5sdh6z
MD5

5c7fcd7038bd79f135f1411b8e9a40cf
SHA1

02c7a57b9e3725e4d0da711657b433f35dda7ee7
SHA256

4434d6c1a3d738888f8c7cbe2e6a330f29e72a7968ed396943a6cb06c89c6dbf
SHA512

f69be4df427061f8e3c10252724d99ca6c868c6560a67657f69aa5dcfee09e15b2479fff5955e10e658af05390d2d74d0a20ad6d7cfba283df8a5373fc0cd8cf
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQRkRiwt/Zx+:+DqPoBhz1aRxcSUDkqkkGZx

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5c7fcd7038bd79f135f1411b8e9a40cf_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5c7fcd7038bd79f135f1411b8e9a40cf_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c7fcd7038bd79f135f1411b8e9a40cf_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  5c7fcd7038bd79f135f1411b8e9a40cf
- SHA1
  
  02c7a57b9e3725e4d0da711657b433f35dda7ee7
- SHA256
  
  4434d6c1a3d738888f8c7cbe2e6a330f29e72a7968ed396943a6cb06c89c6dbf
- SHA512
  
  f69be4df427061f8e3c10252724d99ca6c868c6560a67657f69aa5dcfee09e15b2479fff5955e10e658af05390d2d74d0a20ad6d7cfba283df8a5373fc0cd8cf
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQRkRiwt/Zx+:+DqPoBhz1aRxcSUDkqkkGZx
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3203) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy