wannacry | 0fe166eb8be0949a826e3a7148ee552114cbed025240550fe73c373e43a9dd3e | Triage

Submit
Reports

Overview

overview

Static

static

3

8d0b619083...18.exe

windows7-x64

8d0b619083...18.exe

windows10-2004-x64

Sharing

General

Target

8d0b6190835e7430d8fea746b7966d1c_JaffaCakes118
Size

3.6MB
Sample

240602-gachzacf61
MD5

8d0b6190835e7430d8fea746b7966d1c
SHA1

ed16a1c77656034e566eae87a9e8c65951db26be
SHA256

0fe166eb8be0949a826e3a7148ee552114cbed025240550fe73c373e43a9dd3e
SHA512

00dfa4e0d48f8a9cc1587241af88822242cf3a3a1d91e3229f8e5dbd78c7fb85f28228679a8f520c8ed24122731f763fb53f65e0d07bbc66c91d72e697d990f3
SSDEEP

98304:yDqPoBsywKSbevWSd5dhvxWa9P593R8yAVp2HI:yDqPsw5bNi5UadzR8yc4HI

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d0b6190835e7430d8fea746b7966d1c_JaffaCakes118.exe

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d0b6190835e7430d8fea746b7966d1c_JaffaCakes118.exe

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  8d0b6190835e7430d8fea746b7966d1c_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  8d0b6190835e7430d8fea746b7966d1c
- SHA1
  
  ed16a1c77656034e566eae87a9e8c65951db26be
- SHA256
  
  0fe166eb8be0949a826e3a7148ee552114cbed025240550fe73c373e43a9dd3e
- SHA512
  
  00dfa4e0d48f8a9cc1587241af88822242cf3a3a1d91e3229f8e5dbd78c7fb85f28228679a8f520c8ed24122731f763fb53f65e0d07bbc66c91d72e697d990f3
- SSDEEP
  
  98304:yDqPoBsywKSbevWSd5dhvxWa9P593R8yAVp2HI:yDqPsw5bNi5UadzR8yc4HI
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3346) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy