wannacry | e26fb8cb9a68760bfc1d11a46353b2cc60d5e8a6ec05c0e66cdc1d103bb273ee | Triage

Submit
Reports

Overview

overview

Static

static

3

afce4024d5...18.dll

windows7-x64

afce4024d5...18.dll

windows10-2004-x64

Sharing

General

Target

afce4024d50fb1ddd4050f7822a89dc6_JaffaCakes118
Size

5.0MB
Sample

240615-w82cbavbpk
MD5

afce4024d50fb1ddd4050f7822a89dc6
SHA1

434718ed8962d74765e296177eb9df1fb4e5231d
SHA256

e26fb8cb9a68760bfc1d11a46353b2cc60d5e8a6ec05c0e66cdc1d103bb273ee
SHA512

002da99e2a40d1b6a277b7111df841cf2b5b6bc08ca1ef4f1ea2377c5838ffd9c142e98e2f61e8142a5b62bea3ceecf934406324e0c5b10b890446f57e2122c0
SSDEEP

98304:TDqPoBhz1aRxcSUDk36SAd593R8yAVp2H:TDqPe1Cxcxk3ZAdzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

afce4024d50fb1ddd4050f7822a89dc6_JaffaCakes118.dll

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

afce4024d50fb1ddd4050f7822a89dc6_JaffaCakes118.dll

Resource

win10v2004-20240611-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  afce4024d50fb1ddd4050f7822a89dc6_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  afce4024d50fb1ddd4050f7822a89dc6
- SHA1
  
  434718ed8962d74765e296177eb9df1fb4e5231d
- SHA256
  
  e26fb8cb9a68760bfc1d11a46353b2cc60d5e8a6ec05c0e66cdc1d103bb273ee
- SHA512
  
  002da99e2a40d1b6a277b7111df841cf2b5b6bc08ca1ef4f1ea2377c5838ffd9c142e98e2f61e8142a5b62bea3ceecf934406324e0c5b10b890446f57e2122c0
- SSDEEP
  
  98304:TDqPoBhz1aRxcSUDk36SAd593R8yAVp2H:TDqPe1Cxcxk3ZAdzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3194) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy