wannacry | 947837f99eadfc89901b66bb2688dc703a9355c8263c5de0b0103142a7fcea0c | Triage

Submit
Reports

Overview

overview

Static

static

3

a66bbb8181...18.dll

windows7-x64

a66bbb8181...18.dll

windows10-2004-x64

Sharing

General

Target

a66bbb81819c7a53008288547034108d_JaffaCakes118
Size

5.0MB
Sample

240613-tlpnwszcpp
MD5

a66bbb81819c7a53008288547034108d
SHA1

4362692ed7e98b5224314beb8ad1ff1afd8fed1d
SHA256

947837f99eadfc89901b66bb2688dc703a9355c8263c5de0b0103142a7fcea0c
SHA512

689a16b60a7e97d64ba29d3650bdb387bb17df1bf8bbafca9d02b03a64155dc753ed08037b440a4ed4397ad5e1bf6967d83ef8bf23457d169a5cb3af24f157bf
SSDEEP

24576:SbLgddQhfdmMd4scVNgeopJNtY+EUXDsh1ATL4pEjqEwN2gpndjb24XxiVL1RaQg:SnAQqMdfb3JlU8gfI19FXprotruq

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a66bbb81819c7a53008288547034108d_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a66bbb81819c7a53008288547034108d_JaffaCakes118.dll

Resource

win10v2004-20240611-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a66bbb81819c7a53008288547034108d_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  a66bbb81819c7a53008288547034108d
- SHA1
  
  4362692ed7e98b5224314beb8ad1ff1afd8fed1d
- SHA256
  
  947837f99eadfc89901b66bb2688dc703a9355c8263c5de0b0103142a7fcea0c
- SHA512
  
  689a16b60a7e97d64ba29d3650bdb387bb17df1bf8bbafca9d02b03a64155dc753ed08037b440a4ed4397ad5e1bf6967d83ef8bf23457d169a5cb3af24f157bf
- SSDEEP
  
  24576:SbLgddQhfdmMd4scVNgeopJNtY+EUXDsh1ATL4pEjqEwN2gpndjb24XxiVL1RaQg:SnAQqMdfb3JlU8gfI19FXprotruq
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3337) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy