wannacry | bc71972072b2559d78079c41e79f9fb808be3a8a3473439ea0485d1712d4cbd9 | Triage

Sharing

General

Target

2024-06-15_a9fc19a8ac8150c4654bcbb2c0fb0c18_wannacry
Size

5.0MB
Sample

240615-nfwx5asdnk
MD5

a9fc19a8ac8150c4654bcbb2c0fb0c18
SHA1

907afece4225e0858fe5b93e187faff815fef368
SHA256

bc71972072b2559d78079c41e79f9fb808be3a8a3473439ea0485d1712d4cbd9
SHA512

ddfc1bd0c852bac92170da73a8b7d8469fc3b03b20a78db58d0e4c7dfcce8591ef30fc83fe3d0d1c926b5ba87fd15e81ee722c53719a7acf1f67f6efddf0f702
SSDEEP

98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P5rwz3Qqgbz:XDqPe1Cxcxk3ZAEUad9wMt3

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-06-15_a9fc19a8ac8150c4654bcbb2c0fb0c18_wannacry
- Size
  
  5.0MB
- MD5
  
  a9fc19a8ac8150c4654bcbb2c0fb0c18
- SHA1
  
  907afece4225e0858fe5b93e187faff815fef368
- SHA256
  
  bc71972072b2559d78079c41e79f9fb808be3a8a3473439ea0485d1712d4cbd9
- SHA512
  
  ddfc1bd0c852bac92170da73a8b7d8469fc3b03b20a78db58d0e4c7dfcce8591ef30fc83fe3d0d1c926b5ba87fd15e81ee722c53719a7acf1f67f6efddf0f702
- SSDEEP
  
  98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P5rwz3Qqgbz:XDqPe1Cxcxk3ZAEUad9wMt3
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3117) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm