wannacry | e82c1e6faa4031163ac5859fa08f1950fd6c9d54f600bd589447b03017de8492 | Triage

Submit
Reports

Overview

overview

Static

static

3

6a300f7511...18.dll

windows7-x64

6a300f7511...18.dll

windows10-2004-x64

Sharing

General

Target

6a300f7511bc43a6aab995f038f7a823_JaffaCakes118
Size

5.0MB
Sample

240523-h9wlkahe3z
MD5

6a300f7511bc43a6aab995f038f7a823
SHA1

b019d883a036fa07443bedce3370765817c9b0d3
SHA256

e82c1e6faa4031163ac5859fa08f1950fd6c9d54f600bd589447b03017de8492
SHA512

f0315ab0dc75b0e89af526e811a4addd8d9d515d713ebb66954720f320499290bc490b3e954985882c3268c0843031b1f820a74fe10130e1df10d7a4ee02d894
SSDEEP

49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9P:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6a300f7511bc43a6aab995f038f7a823_JaffaCakes118.dll

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a300f7511bc43a6aab995f038f7a823_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  6a300f7511bc43a6aab995f038f7a823_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  6a300f7511bc43a6aab995f038f7a823
- SHA1
  
  b019d883a036fa07443bedce3370765817c9b0d3
- SHA256
  
  e82c1e6faa4031163ac5859fa08f1950fd6c9d54f600bd589447b03017de8492
- SHA512
  
  f0315ab0dc75b0e89af526e811a4addd8d9d515d713ebb66954720f320499290bc490b3e954985882c3268c0843031b1f820a74fe10130e1df10d7a4ee02d894
- SSDEEP
  
  49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9P:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3284) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy