wannacry | ea2751585258f3838bbfcd95d3ba740e5f80354d017f6fcee8c2c12c5bf1594d | Triage

Submit
Reports

Overview

overview

Static

static

3

a7e26759af...18.dll

windows7-x64

a7e26759af...18.dll

windows10-2004-x64

Sharing

General

Target

a7e26759af6012ba56a6b9c7a46e2179_JaffaCakes118
Size

5.0MB
Sample

240614-d8d8nstfle
MD5

a7e26759af6012ba56a6b9c7a46e2179
SHA1

47d8d54fc9984937a86f310880660463828039c6
SHA256

ea2751585258f3838bbfcd95d3ba740e5f80354d017f6fcee8c2c12c5bf1594d
SHA512

2729a61016127113ccc891448bf8be88d290f9cd3d82bc6c56521dd291307e09f4e3e907d326b06570acdf9d4736407f0adef6bd2b103903249a8b40f4d51fcb
SSDEEP

49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAM:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P5

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a7e26759af6012ba56a6b9c7a46e2179_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7e26759af6012ba56a6b9c7a46e2179_JaffaCakes118.dll

Resource

win10v2004-20240611-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a7e26759af6012ba56a6b9c7a46e2179_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  a7e26759af6012ba56a6b9c7a46e2179
- SHA1
  
  47d8d54fc9984937a86f310880660463828039c6
- SHA256
  
  ea2751585258f3838bbfcd95d3ba740e5f80354d017f6fcee8c2c12c5bf1594d
- SHA512
  
  2729a61016127113ccc891448bf8be88d290f9cd3d82bc6c56521dd291307e09f4e3e907d326b06570acdf9d4736407f0adef6bd2b103903249a8b40f4d51fcb
- SSDEEP
  
  49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAM:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P5
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2679) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy