wannacry | ecc73f2f7a65a80ef14951805739c7f31b6eab21245b64823adf5cdb8fa2cf9a | Triage

Submit
Reports

Overview

overview

Static

static

3

62186952d7...18.exe

windows7-x64

62186952d7...18.exe

windows10-2004-x64

Sharing

General

Target

62186952d7ebb8df7124e96b530e0506JaffaCakes118
Size

3.6MB
Sample

240523-asbk3aeh53
MD5

62186952d7ebb8df7124e96b530e0506
SHA1

8b37c0307a823ca8abc3774f3426e6af8299fe86
SHA256

ecc73f2f7a65a80ef14951805739c7f31b6eab21245b64823adf5cdb8fa2cf9a
SHA512

b35b745c9bde4f0be4c1e9b8211e64011ffdb7e4a5418084db2059658898477b41c55d583214975dddb7b1d0bdab84d8206723366cfb2b3663a1f8fb8d227471
SSDEEP

49152:XnAQqMSPbcXR2HeKIItNnd+TSqTdX1HkQo6SAAF:XDqPoiIItxdcSUDk36SA2

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

62186952d7ebb8df7124e96b530e0506JaffaCakes118.exe

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

62186952d7ebb8df7124e96b530e0506JaffaCakes118.exe

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  62186952d7ebb8df7124e96b530e0506JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  62186952d7ebb8df7124e96b530e0506
- SHA1
  
  8b37c0307a823ca8abc3774f3426e6af8299fe86
- SHA256
  
  ecc73f2f7a65a80ef14951805739c7f31b6eab21245b64823adf5cdb8fa2cf9a
- SHA512
  
  b35b745c9bde4f0be4c1e9b8211e64011ffdb7e4a5418084db2059658898477b41c55d583214975dddb7b1d0bdab84d8206723366cfb2b3663a1f8fb8d227471
- SSDEEP
  
  49152:XnAQqMSPbcXR2HeKIItNnd+TSqTdX1HkQo6SAAF:XDqPoiIItxdcSUDk36SA2
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3296) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy