wannacry | 3a3ac12868676fe2f37ca52bde0d436c8757bc6a4895d4d435fcacc4f0619819 | Triage

Sharing

General

Target

a9efa5efd2ed938506a419bfd08cd5d4_JaffaCakes118
Size

3.4MB
Sample

240614-qs3mjssfla
MD5

a9efa5efd2ed938506a419bfd08cd5d4
SHA1

13b5d6eca4409817c854d7fbd723d3bd3191ec73
SHA256

3a3ac12868676fe2f37ca52bde0d436c8757bc6a4895d4d435fcacc4f0619819
SHA512

4cb49609461b809884d6803a5c9da17910f03f894dfd94d101e42baa08381125d490ac5036ffeb5b4fcc4f28a8e51c623a6a577c781ab6877c1b142665be1538
SSDEEP

1536:Ao1Jfsh3MKNQugai+nN9S4A3v9q/j92FPVeaibszu93cLV/:AozecK+7hdV9qbmoaGDcLV

Score

10^/10

wannacry evasion ransomware worm

Malware Config

Targets

- Target
  
  a9efa5efd2ed938506a419bfd08cd5d4_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  a9efa5efd2ed938506a419bfd08cd5d4
- SHA1
  
  13b5d6eca4409817c854d7fbd723d3bd3191ec73
- SHA256
  
  3a3ac12868676fe2f37ca52bde0d436c8757bc6a4895d4d435fcacc4f0619819
- SHA512
  
  4cb49609461b809884d6803a5c9da17910f03f894dfd94d101e42baa08381125d490ac5036ffeb5b4fcc4f28a8e51c623a6a577c781ab6877c1b142665be1538
- SSDEEP
  
  1536:Ao1Jfsh3MKNQugai+nN9S4A3v9q/j92FPVeaibszu93cLV/:AozecK+7hdV9qbmoaGDcLV
Score

10^/10

wannacry ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Drops file in Drivers directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacryransomwareworm

behavioral2

wannacryevasionransomwareworm