wannacry | b2e147ea73d954d6938434c8f4e3fb68a3eac21d1770e39102f0c21cebb9acbf | Triage

Sharing

General

Target

a725bf924d21fc981dd173fa66bca35f_JaffaCakes118
Size

5.0MB
Sample

240613-3pj29awblb
MD5

a725bf924d21fc981dd173fa66bca35f
SHA1

c8b034345bbfca6981c3932388a245218cca3d9f
SHA256

b2e147ea73d954d6938434c8f4e3fb68a3eac21d1770e39102f0c21cebb9acbf
SHA512

80b4d0ac7aa24c1a6abc904f7feb46f772e6d0c5307860c62a6de5320a5e1b5568cf49d2e15786241d7171aae12ee29824781b07f330352f95eaf5ed80645ae4
SSDEEP

49152:JnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H:dDqPoBhz1aRxcSUDk36SAEdhvxWa

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  a725bf924d21fc981dd173fa66bca35f_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  a725bf924d21fc981dd173fa66bca35f
- SHA1
  
  c8b034345bbfca6981c3932388a245218cca3d9f
- SHA256
  
  b2e147ea73d954d6938434c8f4e3fb68a3eac21d1770e39102f0c21cebb9acbf
- SHA512
  
  80b4d0ac7aa24c1a6abc904f7feb46f772e6d0c5307860c62a6de5320a5e1b5568cf49d2e15786241d7171aae12ee29824781b07f330352f95eaf5ed80645ae4
- SSDEEP
  
  49152:JnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H:dDqPoBhz1aRxcSUDk36SAEdhvxWa
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2663) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm