wannacry | 16dd02cf3064647ab6321b99b80afd3b63563511dcb4c5d46979bc8d89cf41bf | Triage

Submit
Reports

Overview

overview

Static

static

3

9034c2372b...18.dll

windows7-x64

9034c2372b...18.dll

windows10-2004-x64

Sharing

General

Target

9034c2372be77c779ca09b975dfc9571_JaffaCakes118
Size

5.0MB
Sample

240603-chyzqafd81
MD5

9034c2372be77c779ca09b975dfc9571
SHA1

a853c8bc658dd18c5c7e34012856529d739b6a62
SHA256

16dd02cf3064647ab6321b99b80afd3b63563511dcb4c5d46979bc8d89cf41bf
SHA512

1b6e5459be93d428a540fb17a02cb824ffbc3a535324dfea688d87c7a4c3d29eb14963ed3836bae7e5b8f3d544d4cfc3413792def377e65485c36e5aa66c3977
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2S:+DqPe1Cxcxk3ZAEUadzR8yc4S

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9034c2372be77c779ca09b975dfc9571_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9034c2372be77c779ca09b975dfc9571_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  9034c2372be77c779ca09b975dfc9571_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  9034c2372be77c779ca09b975dfc9571
- SHA1
  
  a853c8bc658dd18c5c7e34012856529d739b6a62
- SHA256
  
  16dd02cf3064647ab6321b99b80afd3b63563511dcb4c5d46979bc8d89cf41bf
- SHA512
  
  1b6e5459be93d428a540fb17a02cb824ffbc3a535324dfea688d87c7a4c3d29eb14963ed3836bae7e5b8f3d544d4cfc3413792def377e65485c36e5aa66c3977
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2S:+DqPe1Cxcxk3ZAEUadzR8yc4S
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3262) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy