wannacry | c7d03a10524910267ea96dc6acf1a2051a4a5f879e397f96ace23fe4eae6f0ce | Triage

Sharing

General

Target

ae494670de6ff2c70a41c801215690a6_JaffaCakes118
Size

3.6MB
Sample

240615-nzgybatbqp
MD5

ae494670de6ff2c70a41c801215690a6
SHA1

d84a537a91193c60be1304087565ff42cc0e6685
SHA256

c7d03a10524910267ea96dc6acf1a2051a4a5f879e397f96ace23fe4eae6f0ce
SHA512

340a6c690dcc082e1c1cbf677fcd1c9614c089d135e14a6fa7816b61f1e57df33578e7cfa0e411c6ebaf48c7a769dbe7041800d6eb8503ae167bdf451f084e94
SSDEEP

98304:yDqPoBhz1aRxcSUDkEQv9Snm1tnr7DRbxnsR8jpukItGXcfZIeWJw:yDqPe1CxcxkEQv9Snm1tnr7DRbxn2L

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  ae494670de6ff2c70a41c801215690a6_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  ae494670de6ff2c70a41c801215690a6
- SHA1
  
  d84a537a91193c60be1304087565ff42cc0e6685
- SHA256
  
  c7d03a10524910267ea96dc6acf1a2051a4a5f879e397f96ace23fe4eae6f0ce
- SHA512
  
  340a6c690dcc082e1c1cbf677fcd1c9614c089d135e14a6fa7816b61f1e57df33578e7cfa0e411c6ebaf48c7a769dbe7041800d6eb8503ae167bdf451f084e94
- SSDEEP
  
  98304:yDqPoBhz1aRxcSUDkEQv9Snm1tnr7DRbxnsR8jpukItGXcfZIeWJw:yDqPe1CxcxkEQv9Snm1tnr7DRbxn2L
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2670) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm