wannacry | 2da27cb1ddfd315a6497300d881d04b280f0bb6ee41a722aef22408df9f82c38 | Triage

Sharing

General

Target

9bc1f89ad6c328ff37f3444407207067_JaffaCakes118
Size

5.0MB
Sample

240610-yrcnqsyfjr
MD5

9bc1f89ad6c328ff37f3444407207067
SHA1

23b76791f633bc7f39fc7457f52e61bb8de8fea7
SHA256

2da27cb1ddfd315a6497300d881d04b280f0bb6ee41a722aef22408df9f82c38
SHA512

b824fe4365d588a319d7abbb80640c73ac15d83ba80044026a9c96c85f7a9d93a4ad3eaec4a1e34cb93773ec90cd83de401621bf160d26ec41e637d00532b8a0
SSDEEP

98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P59OZxz:+DqPe1Cxcxk3ZAEUadC7z

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  9bc1f89ad6c328ff37f3444407207067_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  9bc1f89ad6c328ff37f3444407207067
- SHA1
  
  23b76791f633bc7f39fc7457f52e61bb8de8fea7
- SHA256
  
  2da27cb1ddfd315a6497300d881d04b280f0bb6ee41a722aef22408df9f82c38
- SHA512
  
  b824fe4365d588a319d7abbb80640c73ac15d83ba80044026a9c96c85f7a9d93a4ad3eaec4a1e34cb93773ec90cd83de401621bf160d26ec41e637d00532b8a0
- SSDEEP
  
  98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P59OZxz:+DqPe1Cxcxk3ZAEUadC7z
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2667) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm