wannacry | d3d8b33cca7663de1b65a949ffe420e5471a99108455a0cd17a04269ded5b2cd | Triage

Submit
Reports

Overview

overview

Static

static

3

b78a7ab0d1...18.dll

windows7-x64

b78a7ab0d1...18.dll

windows10-2004-x64

Sharing

General

Target

b78a7ab0d1b055edba7d44d911c88357_JaffaCakes118
Size

5.0MB
Sample

240617-jyghyavhnq
MD5

b78a7ab0d1b055edba7d44d911c88357
SHA1

cc797f3566fb8a674d726bea60c1254596d04743
SHA256

d3d8b33cca7663de1b65a949ffe420e5471a99108455a0cd17a04269ded5b2cd
SHA512

f9bba3a92dee970dc24ddee8917c92eea68e35e28f5d30b2829db334a7549da4ec6689027e8ded17d2552810c9d27dd6db9ed71d8045d93bb3e6f1f37625e284
SSDEEP

98304:+DqPoBbAI6SAEdhvxWa9P593R8yAVp2H:+DqPE3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b78a7ab0d1b055edba7d44d911c88357_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b78a7ab0d1b055edba7d44d911c88357_JaffaCakes118.dll

Resource

win10v2004-20240611-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b78a7ab0d1b055edba7d44d911c88357_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  b78a7ab0d1b055edba7d44d911c88357
- SHA1
  
  cc797f3566fb8a674d726bea60c1254596d04743
- SHA256
  
  d3d8b33cca7663de1b65a949ffe420e5471a99108455a0cd17a04269ded5b2cd
- SHA512
  
  f9bba3a92dee970dc24ddee8917c92eea68e35e28f5d30b2829db334a7549da4ec6689027e8ded17d2552810c9d27dd6db9ed71d8045d93bb3e6f1f37625e284
- SSDEEP
  
  98304:+DqPoBbAI6SAEdhvxWa9P593R8yAVp2H:+DqPE3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2659) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy