wannacry | 337df37a59537558856e34d1ab68511664eb7d65d8bd077f713ce84e39142686 | Triage

Submit
Reports

Overview

overview

Static

static

3

8d6e6ea71a...18.dll

windows7-x64

8d6e6ea71a...18.dll

windows10-2004-x64

Sharing

General

Target

8d6e6ea71ac6dd82566ea60042ee86ab_JaffaCakes118
Size

5.0MB
Sample

240602-j6g5fafh2v
MD5

8d6e6ea71ac6dd82566ea60042ee86ab
SHA1

836557cb89300f02bf9395022b16418ba9d7fe96
SHA256

337df37a59537558856e34d1ab68511664eb7d65d8bd077f713ce84e39142686
SHA512

d095460fe5083d17239715a69823e852f087dfbb221ca42ec9d7a664a6f3bf0d8a1ea3945b3982c236fce04075950ea22e81b5dac2f01982403f24d4b795ef8a
SSDEEP

49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HhrH5AMEcaEau3R8:d8qPoBhz1aRxcSUDT593R8

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d6e6ea71ac6dd82566ea60042ee86ab_JaffaCakes118.dll

Resource

win7-20240215-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d6e6ea71ac6dd82566ea60042ee86ab_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  8d6e6ea71ac6dd82566ea60042ee86ab_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  8d6e6ea71ac6dd82566ea60042ee86ab
- SHA1
  
  836557cb89300f02bf9395022b16418ba9d7fe96
- SHA256
  
  337df37a59537558856e34d1ab68511664eb7d65d8bd077f713ce84e39142686
- SHA512
  
  d095460fe5083d17239715a69823e852f087dfbb221ca42ec9d7a664a6f3bf0d8a1ea3945b3982c236fce04075950ea22e81b5dac2f01982403f24d4b795ef8a
- SSDEEP
  
  49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HhrH5AMEcaEau3R8:d8qPoBhz1aRxcSUDT593R8
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3232) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy