wannacry | a2764aa6b77f04df6ec82a911405ae75a9315093d1836091c386669f6da2cff5 | Triage

Submit
Reports

Overview

overview

Static

static

3

7120a14372...18.dll

windows7-x64

7120a14372...18.dll

windows10-2004-x64

Sharing

General

Target

7120a143729288157fb3356fc60205bc_JaffaCakes118
Size

5.0MB
Sample

240525-haeh1ahd65
MD5

7120a143729288157fb3356fc60205bc
SHA1

45b703b0353d71541c8abd6faea7e57c3adca5fb
SHA256

a2764aa6b77f04df6ec82a911405ae75a9315093d1836091c386669f6da2cff5
SHA512

4e5d49f7e5b3171e9488a660ee67847160144e428a8219311cd437a8df3c0c0fbd4be6a6d48c26b6a9a0d9db2f2fd3c4afc255c41a1a5a617799ae36d1ed6847
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SA8dhvxWa9P5FyAVp2H:+DqP21Cxcxk3ZA8Uadvyc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7120a143729288157fb3356fc60205bc_JaffaCakes118.dll

Resource

win7-20240419-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

7120a143729288157fb3356fc60205bc_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  7120a143729288157fb3356fc60205bc_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  7120a143729288157fb3356fc60205bc
- SHA1
  
  45b703b0353d71541c8abd6faea7e57c3adca5fb
- SHA256
  
  a2764aa6b77f04df6ec82a911405ae75a9315093d1836091c386669f6da2cff5
- SHA512
  
  4e5d49f7e5b3171e9488a660ee67847160144e428a8219311cd437a8df3c0c0fbd4be6a6d48c26b6a9a0d9db2f2fd3c4afc255c41a1a5a617799ae36d1ed6847
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SA8dhvxWa9P5FyAVp2H:+DqP21Cxcxk3ZA8Uadvyc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3220) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy