wannacry | 5067fee0e271fea31a5b0f4479521e26250678656675b9ddcca829445f7d242a | Triage

Submit
Reports

Overview

overview

Static

static

3

74f8cf3081...18.dll

windows7-x64

74f8cf3081...18.dll

windows10-2004-x64

Sharing

General

Target

74f8cf308139a939d3fdbaadaca3132b_JaffaCakes118
Size

5.0MB
Sample

240526-k19g6sdh87
MD5

74f8cf308139a939d3fdbaadaca3132b
SHA1

9ec8f64b061ad98c41ef5afbe864e1974cc456b7
SHA256

5067fee0e271fea31a5b0f4479521e26250678656675b9ddcca829445f7d242a
SHA512

30c4429d333680369cc2b30302ecfc8830c9ce4f9d52619494b7c265863eb00b58ad7b4c02f4616ea2613d6fd1d1509703ce06c8221643675fbf16a6626c9e91
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAME:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

74f8cf308139a939d3fdbaadaca3132b_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

74f8cf308139a939d3fdbaadaca3132b_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  74f8cf308139a939d3fdbaadaca3132b_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  74f8cf308139a939d3fdbaadaca3132b
- SHA1
  
  9ec8f64b061ad98c41ef5afbe864e1974cc456b7
- SHA256
  
  5067fee0e271fea31a5b0f4479521e26250678656675b9ddcca829445f7d242a
- SHA512
  
  30c4429d333680369cc2b30302ecfc8830c9ce4f9d52619494b7c265863eb00b58ad7b4c02f4616ea2613d6fd1d1509703ce06c8221643675fbf16a6626c9e91
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAME:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3338) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy