wannacry | 72b9d265087cad1a5b7b4971e3d7638018d6bb4197ea304559d3f26b50a66079 | Triage

Sharing

General

Target

ae7afd9cd61ba69634680827681ec156_JaffaCakes118
Size

5.0MB
Sample

240615-pxd93svcpn
MD5

ae7afd9cd61ba69634680827681ec156
SHA1

e6c70b3b1700dd38308c9cb5924e4add09182a97
SHA256

72b9d265087cad1a5b7b4971e3d7638018d6bb4197ea304559d3f26b50a66079
SHA512

6b7bba5cd2cc964ca2543c270220f8cf8d5086e902d66b591911fcb4f22dabb7c4e0f17a036b565af052c9046e7c154644c9d666640437c88c55b6946e66d4f7
SSDEEP

24576:SbLgddQhfdmMSirYbcMNgef0KdNLKz662619XEk:SnAQqMSPbcBVKNRAB

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  ae7afd9cd61ba69634680827681ec156_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  ae7afd9cd61ba69634680827681ec156
- SHA1
  
  e6c70b3b1700dd38308c9cb5924e4add09182a97
- SHA256
  
  72b9d265087cad1a5b7b4971e3d7638018d6bb4197ea304559d3f26b50a66079
- SHA512
  
  6b7bba5cd2cc964ca2543c270220f8cf8d5086e902d66b591911fcb4f22dabb7c4e0f17a036b565af052c9046e7c154644c9d666640437c88c55b6946e66d4f7
- SSDEEP
  
  24576:SbLgddQhfdmMSirYbcMNgef0KdNLKz662619XEk:SnAQqMSPbcBVKNRAB
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2662) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm