wannacry | 90e843dfa145824fc467904c05bf6f4aae8f044a9b2a12ad6739081d148d7684 | Triage

Sharing

General

Target

2024-06-15_8791a5555fe7e2639850a0ebe1efb274_wannacry
Size

5.0MB
Sample

240615-nagagsybkh
MD5

8791a5555fe7e2639850a0ebe1efb274
SHA1

db47fb0b429a58087e208942d5c499891ae4b6eb
SHA256

90e843dfa145824fc467904c05bf6f4aae8f044a9b2a12ad6739081d148d7684
SHA512

f7bfee16a9527cd0675fce0a0cafdf0294deddf3cf560722e3ce78545018a79089a1bc72dbf14fad6b752409bfacf9686128e55caade69c275640305ba3e3f90
SSDEEP

98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9PF3R8yAVp2H:yDqPe1Cxcxk3ZAEUadlR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-06-15_8791a5555fe7e2639850a0ebe1efb274_wannacry
- Size
  
  5.0MB
- MD5
  
  8791a5555fe7e2639850a0ebe1efb274
- SHA1
  
  db47fb0b429a58087e208942d5c499891ae4b6eb
- SHA256
  
  90e843dfa145824fc467904c05bf6f4aae8f044a9b2a12ad6739081d148d7684
- SHA512
  
  f7bfee16a9527cd0675fce0a0cafdf0294deddf3cf560722e3ce78545018a79089a1bc72dbf14fad6b752409bfacf9686128e55caade69c275640305ba3e3f90
- SSDEEP
  
  98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9PF3R8yAVp2H:yDqPe1Cxcxk3ZAEUadlR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3304) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm