wannacry | 4d0196b2f88499de79d6bd780669038b088ee5dd9669309456f1f5a5878ae2ea | Triage

Submit
Reports

Overview

overview

Static

static

3

716d0a6be2...18.dll

windows7-x64

716d0a6be2...18.dll

windows10-2004-x64

Sharing

General

Target

716d0a6be236c224490d4fa616aa3fe9_JaffaCakes118
Size

5.0MB
Sample

240525-kmythsbh41
MD5

716d0a6be236c224490d4fa616aa3fe9
SHA1

eb534cd61e9ebff420a90dddc335a61def4aa6d3
SHA256

4d0196b2f88499de79d6bd780669038b088ee5dd9669309456f1f5a5878ae2ea
SHA512

9228c742d8fd84cf3b1d138a5fdc73eae8be065bf53500f50746a7914b002f55db3d64484bbf888bb55cb197b7dc64e55c322c1e6053fa47bbf8a9600ac64913
SSDEEP

49152:znAQqMSPbcBVQM1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:TDqPoBr1aRxcSUDk36SAEdhvxWa9

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

716d0a6be236c224490d4fa616aa3fe9_JaffaCakes118.dll

Resource

win7-20240220-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

716d0a6be236c224490d4fa616aa3fe9_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  716d0a6be236c224490d4fa616aa3fe9_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  716d0a6be236c224490d4fa616aa3fe9
- SHA1
  
  eb534cd61e9ebff420a90dddc335a61def4aa6d3
- SHA256
  
  4d0196b2f88499de79d6bd780669038b088ee5dd9669309456f1f5a5878ae2ea
- SHA512
  
  9228c742d8fd84cf3b1d138a5fdc73eae8be065bf53500f50746a7914b002f55db3d64484bbf888bb55cb197b7dc64e55c322c1e6053fa47bbf8a9600ac64913
- SSDEEP
  
  49152:znAQqMSPbcBVQM1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:TDqPoBr1aRxcSUDk36SAEdhvxWa9
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3333) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy