wannacry | aeb3230d728a899a2db6d4323641664ff724a0c6dd28c2a4083f73295deb5510 | Triage

Submit
Reports

Overview

overview

Static

static

3

7cd6231469...18.dll

windows7-x64

7cd6231469...18.dll

windows10-2004-x64

Sharing

General

Target

7cd62314699e88eb5f1fad16e4054ad4_JaffaCakes118
Size

5.0MB
Sample

240528-nwsweaag74
MD5

7cd62314699e88eb5f1fad16e4054ad4
SHA1

179d952b83b96ff6647347cd840769cef070a3cf
SHA256

aeb3230d728a899a2db6d4323641664ff724a0c6dd28c2a4083f73295deb5510
SHA512

13a360bb21177860526b489dd375ba80acf4f0ce48f31249bc89cce48c36339127ff1113fec576824833fe5b046e838e5aa36c47d51a98614972941e2248b88b
SSDEEP

24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKkYyqGR:SnAQqMSPbcBVQej/1IN3

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7cd62314699e88eb5f1fad16e4054ad4_JaffaCakes118.dll

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

7cd62314699e88eb5f1fad16e4054ad4_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  7cd62314699e88eb5f1fad16e4054ad4_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  7cd62314699e88eb5f1fad16e4054ad4
- SHA1
  
  179d952b83b96ff6647347cd840769cef070a3cf
- SHA256
  
  aeb3230d728a899a2db6d4323641664ff724a0c6dd28c2a4083f73295deb5510
- SHA512
  
  13a360bb21177860526b489dd375ba80acf4f0ce48f31249bc89cce48c36339127ff1113fec576824833fe5b046e838e5aa36c47d51a98614972941e2248b88b
- SSDEEP
  
  24576:SbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKkYyqGR:SnAQqMSPbcBVQej/1IN3
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3217) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy