wannacry | 5747125368fb92ebcda6a8f101cfcacb44927fd91276e75a9e51124a7200a79a | Triage

Submit
Reports

Overview

overview

Static

static

3

9a1940abea...18.dll

windows7-x64

9a1940abea...18.dll

windows10-2004-x64

Sharing

General

Target

9a1940abeaadc51b10733e826a450261_JaffaCakes118
Size

5.0MB
Sample

240606-gkrqmsah49
MD5

9a1940abeaadc51b10733e826a450261
SHA1

44d0ae6e823f5ab51f5bb95a5850d6451d91db92
SHA256

5747125368fb92ebcda6a8f101cfcacb44927fd91276e75a9e51124a7200a79a
SHA512

c1a8c649e87e131d4b2dc3e7e17ac7487eba884476133059f0aa1759989572c577c7043aed10fa924f9828797bcf3671d045d99c62826ce320f42a0df56bdf81
SSDEEP

98304:+DqPoBhz1aRw6SAEdhvxWa9P593R8yAVp2H:+DqPe1CwZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9a1940abeaadc51b10733e826a450261_JaffaCakes118.dll

Resource

win7-20231129-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a1940abeaadc51b10733e826a450261_JaffaCakes118.dll

Resource

win10v2004-20240426-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  9a1940abeaadc51b10733e826a450261_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  9a1940abeaadc51b10733e826a450261
- SHA1
  
  44d0ae6e823f5ab51f5bb95a5850d6451d91db92
- SHA256
  
  5747125368fb92ebcda6a8f101cfcacb44927fd91276e75a9e51124a7200a79a
- SHA512
  
  c1a8c649e87e131d4b2dc3e7e17ac7487eba884476133059f0aa1759989572c577c7043aed10fa924f9828797bcf3671d045d99c62826ce320f42a0df56bdf81
- SSDEEP
  
  98304:+DqPoBhz1aRw6SAEdhvxWa9P593R8yAVp2H:+DqPe1CwZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3282) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy