wannacry | 9c4143a752b9ab1cdc9d6dc8db3e66a4b344c941ef56daa0105840b2425eab99 | Triage

Submit
Reports

Overview

overview

Static

static

3

65924802d0...18.exe

windows7-x64

65924802d0...18.exe

windows10-2004-x64

Sharing

General

Target

65924802d0fb84aaa7059fb0b79b1d30_JaffaCakes118
Size

3.6MB
Sample

240522-b6ys7agd72
MD5

65924802d0fb84aaa7059fb0b79b1d30
SHA1

6a80f4ebae7599686444039e771fec5176ca5549
SHA256

9c4143a752b9ab1cdc9d6dc8db3e66a4b344c941ef56daa0105840b2425eab99
SHA512

8efcb1fa7f908177f97964bbd8c4992e25d7a61d187d0ff75bc8c6d28477bd802d8c5146f2a6226ca734993e760fe0bb165de976f08b1d016ae23052f170325a
SSDEEP

98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yA:XDqPe1Cxcxk3ZAEUadzR8y

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

65924802d0fb84aaa7059fb0b79b1d30_JaffaCakes118.exe

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

65924802d0fb84aaa7059fb0b79b1d30_JaffaCakes118.exe

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  65924802d0fb84aaa7059fb0b79b1d30_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  65924802d0fb84aaa7059fb0b79b1d30
- SHA1
  
  6a80f4ebae7599686444039e771fec5176ca5549
- SHA256
  
  9c4143a752b9ab1cdc9d6dc8db3e66a4b344c941ef56daa0105840b2425eab99
- SHA512
  
  8efcb1fa7f908177f97964bbd8c4992e25d7a61d187d0ff75bc8c6d28477bd802d8c5146f2a6226ca734993e760fe0bb165de976f08b1d016ae23052f170325a
- SSDEEP
  
  98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yA:XDqPe1Cxcxk3ZAEUadzR8y
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3105) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy