wannacry | 82be7312055ea06867784fd3fa9483133f6ae2abb0a16903c701283646ac7eab | Triage

Submit
Reports

Overview

overview

Static

static

3

8fa0e5dd92...18.dll

windows7-x64

8fa0e5dd92...18.dll

windows10-2004-x64

Sharing

General

Target

8fa0e5dd92185799b73cbfab3da3e919_JaffaCakes118
Size

5.0MB
Sample

240602-19mmrshb2x
MD5

8fa0e5dd92185799b73cbfab3da3e919
SHA1

f7ef4a029a5563e85c14ffdf74437cef17d50c5a
SHA256

82be7312055ea06867784fd3fa9483133f6ae2abb0a16903c701283646ac7eab
SHA512

2d7b6c4586fbf240eb4d9c68c4a03fc4d04b06029ce9f903910d54a49e0ce6b95fd45f42a9a3c14b4b416f2a6cc41f44160376f7bbb2304d38cd27e99c79c29c
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:+DqPoBhz1aRxcSUDk36SA

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8fa0e5dd92185799b73cbfab3da3e919_JaffaCakes118.dll

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fa0e5dd92185799b73cbfab3da3e919_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8fa0e5dd92185799b73cbfab3da3e919_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  8fa0e5dd92185799b73cbfab3da3e919
- SHA1
  
  f7ef4a029a5563e85c14ffdf74437cef17d50c5a
- SHA256
  
  82be7312055ea06867784fd3fa9483133f6ae2abb0a16903c701283646ac7eab
- SHA512
  
  2d7b6c4586fbf240eb4d9c68c4a03fc4d04b06029ce9f903910d54a49e0ce6b95fd45f42a9a3c14b4b416f2a6cc41f44160376f7bbb2304d38cd27e99c79c29c
- SSDEEP
  
  49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:+DqPoBhz1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3147) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy