wannacry | b06433c11864a55a564e06d1e2e1e98ff2bbd7053a5a2ec473d6c98bc2fe891f | Triage

Submit
Reports

Overview

overview

Static

static

3

6195fe7746...18.dll

windows7-x64

6195fe7746...18.dll

windows10-2004-x64

Sharing

General

Target

6195fe77464fd40efbe06b948db5d5d1_JaffaCakes118
Size

5.0MB
Sample

240521-bpp5qade54
MD5

6195fe77464fd40efbe06b948db5d5d1
SHA1

926db72ac0901a9eca93fc3f49378677089fe74b
SHA256

b06433c11864a55a564e06d1e2e1e98ff2bbd7053a5a2ec473d6c98bc2fe891f
SHA512

31368c495415cdd27ce6fb34c4421fe7a68438235f6de3575d1e39b61395174542b4bec8d509b1dcff85edce30b3c2d036b2ef28cb7dc84d0ee05880794343fc
SSDEEP

49152:znAQqMSPbcBVQej/1INRYX0R8yAH1plAH:TDqPoBhz1aRYX0R8yAVp2H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6195fe77464fd40efbe06b948db5d5d1_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6195fe77464fd40efbe06b948db5d5d1_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  6195fe77464fd40efbe06b948db5d5d1_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  6195fe77464fd40efbe06b948db5d5d1
- SHA1
  
  926db72ac0901a9eca93fc3f49378677089fe74b
- SHA256
  
  b06433c11864a55a564e06d1e2e1e98ff2bbd7053a5a2ec473d6c98bc2fe891f
- SHA512
  
  31368c495415cdd27ce6fb34c4421fe7a68438235f6de3575d1e39b61395174542b4bec8d509b1dcff85edce30b3c2d036b2ef28cb7dc84d0ee05880794343fc
- SSDEEP
  
  49152:znAQqMSPbcBVQej/1INRYX0R8yAH1plAH:TDqPoBhz1aRYX0R8yAVp2H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2977) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy