wannacry | 2c3cd58eb8767b3364e3310c1f17f7452f8db6149eacc4425893a2d636997e7e | Triage

Submit
Reports

Overview

overview

Static

static

3

907f166564...18.dll

windows7-x64

907f166564...18.dll

windows10-2004-x64

Sharing

General

Target

907f16656438f571f9c5dcf56c57487f_JaffaCakes118
Size

5.0MB
Sample

240603-esnmvacb98
MD5

907f16656438f571f9c5dcf56c57487f
SHA1

d5c179d30487f4386390c23bb68c11d9f46a815f
SHA256

2c3cd58eb8767b3364e3310c1f17f7452f8db6149eacc4425893a2d636997e7e
SHA512

9a8d9a462c09e0c1247e75c84a4e7280d7f0b096a5198c821bdcb42e8bc74d947401cde718000316fd90d470770d161ff33ac03ea910670b993940d55590c543
SSDEEP

98304:TDqPoBhz1aRxcSUDkEQVdhvxWa9P593R8yAVp2H:TDqPe1CxcxkEQVUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

907f16656438f571f9c5dcf56c57487f_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

907f16656438f571f9c5dcf56c57487f_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  907f16656438f571f9c5dcf56c57487f_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  907f16656438f571f9c5dcf56c57487f
- SHA1
  
  d5c179d30487f4386390c23bb68c11d9f46a815f
- SHA256
  
  2c3cd58eb8767b3364e3310c1f17f7452f8db6149eacc4425893a2d636997e7e
- SHA512
  
  9a8d9a462c09e0c1247e75c84a4e7280d7f0b096a5198c821bdcb42e8bc74d947401cde718000316fd90d470770d161ff33ac03ea910670b993940d55590c543
- SSDEEP
  
  98304:TDqPoBhz1aRxcSUDkEQVdhvxWa9P593R8yAVp2H:TDqPe1CxcxkEQVUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3131) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy