wannacry | 510203ff4298ac898aa7aaeb86463873ae176386a6f59d3782d51047b502ee60 | Triage

Submit
Reports

Overview

overview

Static

static

3

717b007a1a...18.dll

windows7-x64

717b007a1a...18.dll

windows10-2004-x64

Sharing

General

Target

717b007a1acd713cd369a3c736fe30fb_JaffaCakes118
Size

5.0MB
Sample

240525-k21xescc5y
MD5

717b007a1acd713cd369a3c736fe30fb
SHA1

75c47834540254dc6907a1431526bb084f70d929
SHA256

510203ff4298ac898aa7aaeb86463873ae176386a6f59d3782d51047b502ee60
SHA512

70fd6e0fb4621b84815ceb5dab1eb3bbd9a963af6613942d1fd9d26b60333f1cfbe173058cafac454e0648e91dc88e2fc72f7299248c64853cc5d70117ec5449
SSDEEP

24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626M+:SnAQqMSPbcBVQej/1INRx+

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

717b007a1acd713cd369a3c736fe30fb_JaffaCakes118.dll

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

717b007a1acd713cd369a3c736fe30fb_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  717b007a1acd713cd369a3c736fe30fb_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  717b007a1acd713cd369a3c736fe30fb
- SHA1
  
  75c47834540254dc6907a1431526bb084f70d929
- SHA256
  
  510203ff4298ac898aa7aaeb86463873ae176386a6f59d3782d51047b502ee60
- SHA512
  
  70fd6e0fb4621b84815ceb5dab1eb3bbd9a963af6613942d1fd9d26b60333f1cfbe173058cafac454e0648e91dc88e2fc72f7299248c64853cc5d70117ec5449
- SSDEEP
  
  24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626M+:SnAQqMSPbcBVQej/1INRx+
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3336) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy