wannacry | 0666b7b6f571a154ac43341c86bb48c80bda2649368c01d183a660d5e841d0f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

777295af47...18.dll

windows7-x64

777295af47...18.dll

windows10-2004-x64

Sharing

General

Target

777295af47127697b18eb864656e5dd0_JaffaCakes118
Size

5.0MB
Sample

240527-bqxwyscb43
MD5

777295af47127697b18eb864656e5dd0
SHA1

c5103eb13aefab7274962714a1fa8fcf7d0ee480
SHA256

0666b7b6f571a154ac43341c86bb48c80bda2649368c01d183a660d5e841d0f1
SHA512

0628236b1e839aa4038f405ffb387e0cb68b7a8a796777299fbd5ee8179509f21987d0ba7d80a8fc7ee44e375e595087be2540e76e5a9c5a0f78f271ad1fd573
SSDEEP

98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yA:d8qPe1Cxcxk3ZAEUadzR8y

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

777295af47127697b18eb864656e5dd0_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

777295af47127697b18eb864656e5dd0_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  777295af47127697b18eb864656e5dd0_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  777295af47127697b18eb864656e5dd0
- SHA1
  
  c5103eb13aefab7274962714a1fa8fcf7d0ee480
- SHA256
  
  0666b7b6f571a154ac43341c86bb48c80bda2649368c01d183a660d5e841d0f1
- SHA512
  
  0628236b1e839aa4038f405ffb387e0cb68b7a8a796777299fbd5ee8179509f21987d0ba7d80a8fc7ee44e375e595087be2540e76e5a9c5a0f78f271ad1fd573
- SSDEEP
  
  98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yA:d8qPe1Cxcxk3ZAEUadzR8y
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3211) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy