wannacry | cd2db616d0aefceb729ef987e39e51dd4689d8648b7d7bec8fbb0bf23976e1f7 | Triage

Submit
Reports

Overview

overview

Static

static

3

b4574e3007...18.dll

windows7-x64

b4574e3007...18.dll

windows10-2004-x64

Sharing

General

Target

b4574e300787f055071ae787374f1e5d_JaffaCakes118
Size

5.0MB
Sample

240616-tdkd7stcpp
MD5

b4574e300787f055071ae787374f1e5d
SHA1

129291eb7176b286206008612539583f6302f69a
SHA256

cd2db616d0aefceb729ef987e39e51dd4689d8648b7d7bec8fbb0bf23976e1f7
SHA512

92f7a4e0b483eec0d9f1bdd5f76b8bdc3d736288b26baea175e51dc8993a0d757cb916cea57a95b4f27f44098b8f5b118902642e433fb2f0b6a88810793a164a
SSDEEP

98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P593oH:TDqPe1Cxcxk3ZAEUadzoH

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b4574e300787f055071ae787374f1e5d_JaffaCakes118.dll

Resource

win7-20240611-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4574e300787f055071ae787374f1e5d_JaffaCakes118.dll

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4574e300787f055071ae787374f1e5d_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  b4574e300787f055071ae787374f1e5d
- SHA1
  
  129291eb7176b286206008612539583f6302f69a
- SHA256
  
  cd2db616d0aefceb729ef987e39e51dd4689d8648b7d7bec8fbb0bf23976e1f7
- SHA512
  
  92f7a4e0b483eec0d9f1bdd5f76b8bdc3d736288b26baea175e51dc8993a0d757cb916cea57a95b4f27f44098b8f5b118902642e433fb2f0b6a88810793a164a
- SSDEEP
  
  98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P593oH:TDqPe1Cxcxk3ZAEUadzoH
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3102) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy