wannacry | 6ae6c7e5c248bf15f16f50200591b49fee5a967ee6923a7a070c487edef7ce36 | Triage

Submit
Reports

Overview

overview

Static

static

3

9ec3170c71...18.dll

windows7-x64

9ec3170c71...18.dll

windows10-2004-x64

Sharing

General

Target

9ec3170c7181621e1f861af2a4ecda6b_JaffaCakes118
Size

5.0MB
Sample

240611-tnbvtasgne
MD5

9ec3170c7181621e1f861af2a4ecda6b
SHA1

17b2d2e917700590c8d6d935a911e4a1cb20e500
SHA256

6ae6c7e5c248bf15f16f50200591b49fee5a967ee6923a7a070c487edef7ce36
SHA512

e9811e4245a93b6f33b7c2a51554febcfd9c048c5def7cdef428ab5f283464544f327622a835410206d6b7bd2a479a6865081684f44c9de946afd0020fd4eadf
SSDEEP

98304:+DqPoBhz1/RxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPe1pxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ec3170c7181621e1f861af2a4ecda6b_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ec3170c7181621e1f861af2a4ecda6b_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  9ec3170c7181621e1f861af2a4ecda6b_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  9ec3170c7181621e1f861af2a4ecda6b
- SHA1
  
  17b2d2e917700590c8d6d935a911e4a1cb20e500
- SHA256
  
  6ae6c7e5c248bf15f16f50200591b49fee5a967ee6923a7a070c487edef7ce36
- SHA512
  
  e9811e4245a93b6f33b7c2a51554febcfd9c048c5def7cdef428ab5f283464544f327622a835410206d6b7bd2a479a6865081684f44c9de946afd0020fd4eadf
- SSDEEP
  
  98304:+DqPoBhz1/RxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPe1pxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3233) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy