wannacry | 253d832ea20c6faee0825c1926b2412686c83f9f1521a7817bd91df1ae0208e6 | Triage

Submit
Reports

Overview

overview

Static

static

3

63a991006a...18.dll

windows7-x64

63a991006a...18.dll

windows10-2004-x64

Sharing

General

Target

63a991006af2616ad323958bbd347c90_JaffaCakes118
Size

5.0MB
Sample

240521-r3t9lahd89
MD5

63a991006af2616ad323958bbd347c90
SHA1

cc0d90b22aa8053ea9e132889bca45e43ca900ac
SHA256

253d832ea20c6faee0825c1926b2412686c83f9f1521a7817bd91df1ae0208e6
SHA512

ac5abaf38c705713051debaf9f0133ee26eb53aff619e9a747d916b4861abf254a0cacd45b76207053e5fd849127716526779b856b4507102dfd63b819bf2144
SSDEEP

49152:SnAQqMSPbcBV3GGafYzflm+fZTFZIGayscOqd2vC0+KtARUbfMpr7WvCS:+DqPoBQ+iUP0e9y0lWCS

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63a991006af2616ad323958bbd347c90_JaffaCakes118.dll

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

63a991006af2616ad323958bbd347c90_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  63a991006af2616ad323958bbd347c90_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  63a991006af2616ad323958bbd347c90
- SHA1
  
  cc0d90b22aa8053ea9e132889bca45e43ca900ac
- SHA256
  
  253d832ea20c6faee0825c1926b2412686c83f9f1521a7817bd91df1ae0208e6
- SHA512
  
  ac5abaf38c705713051debaf9f0133ee26eb53aff619e9a747d916b4861abf254a0cacd45b76207053e5fd849127716526779b856b4507102dfd63b819bf2144
- SSDEEP
  
  49152:SnAQqMSPbcBV3GGafYzflm+fZTFZIGayscOqd2vC0+KtARUbfMpr7WvCS:+DqPoBQ+iUP0e9y0lWCS
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3138) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy