wannacry | 0003fa57b49fbc514bc48a2ce0c17e93307ab37123a65b3f5e1016b0d4f2f4fa | Triage

Submit
Reports

Overview

overview

Static

static

3

75695be8e3...18.dll

windows7-x64

75695be8e3...18.dll

windows10-2004-x64

Sharing

General

Target

75695be8e3ddf0ef933283b55a36d22f_JaffaCakes118
Size

5.0MB
Sample

240526-n68plsbc74
MD5

75695be8e3ddf0ef933283b55a36d22f
SHA1

26fbd0b2145fe8fee24524f245808c645c468556
SHA256

0003fa57b49fbc514bc48a2ce0c17e93307ab37123a65b3f5e1016b0d4f2f4fa
SHA512

dd8b63b87d1b5048bbb258958b50b2478ae3a731418db087f6f5dbcb7e10ad41471a274fff5c8639076ff0b9bb0e601f5e584cbd71df1db26cc14c2d4b7513ce
SSDEEP

49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQDH9PAMEcaEau3RthnAEYc8c6Ri5WN6n7:TDqPoBhz1aRxcSUDkK9P593R

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75695be8e3ddf0ef933283b55a36d22f_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

75695be8e3ddf0ef933283b55a36d22f_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  75695be8e3ddf0ef933283b55a36d22f_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  75695be8e3ddf0ef933283b55a36d22f
- SHA1
  
  26fbd0b2145fe8fee24524f245808c645c468556
- SHA256
  
  0003fa57b49fbc514bc48a2ce0c17e93307ab37123a65b3f5e1016b0d4f2f4fa
- SHA512
  
  dd8b63b87d1b5048bbb258958b50b2478ae3a731418db087f6f5dbcb7e10ad41471a274fff5c8639076ff0b9bb0e601f5e584cbd71df1db26cc14c2d4b7513ce
- SSDEEP
  
  49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQDH9PAMEcaEau3RthnAEYc8c6Ri5WN6n7:TDqPoBhz1aRxcSUDkK9P593R
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3178) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy