General

  • Target

    2024-05-22_ac15c0ef7b0cfd62f087ccb06db91f5d_wannacry

  • Size

    3.6MB

  • Sample

    240522-2tjrlscb22

  • MD5

    ac15c0ef7b0cfd62f087ccb06db91f5d

  • SHA1

    97c55ce90ecb1197d39c4b3c3f954bd8105c1c31

  • SHA256

    40c89149489eb496635372b379a8f5437c01013d0119a480031a183c9fff4b37

  • SHA512

    90de24ed02957057ab5dcb5e97fc03f1165ac97dff491709854eaec2c959c65e10b8a1ca17ee87d3a147d0c6b22d55b86ca99c8365e794271a0179dbf6cf3c94

  • SSDEEP

    12288:GebLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7:XbLgddQhfdmMSirYbcMNge

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3267) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
