wannacry | 3c2cd56abacb10b9de1b11ba289bae4d3bf187830cd31afc3984b449ff90025e | Triage

Sharing

General

Target

baed9ddd301c424b10fc2dd1d4bbb95e_JaffaCakes118
Size

3.6MB
Sample

240618-k3bzpawgpa
MD5

baed9ddd301c424b10fc2dd1d4bbb95e
SHA1

462bd00daa8df9a7455bf7c151c56b16b660417c
SHA256

3c2cd56abacb10b9de1b11ba289bae4d3bf187830cd31afc3984b449ff90025e
SHA512

942c9dca351eaf4794be665e39b9b86c019d5663e1e228eec49ca73488e0cac8d6d3f9be5c999cf8891137dc2f462a6bc4f00ef343823605fb4ac786154a70e0
SSDEEP

98304:wDqPoBhz1aRxcSUDk36SAQdhvxWa9P5wr:wDqPe1Cxcxk3ZAQUad0

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  baed9ddd301c424b10fc2dd1d4bbb95e_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  baed9ddd301c424b10fc2dd1d4bbb95e
- SHA1
  
  462bd00daa8df9a7455bf7c151c56b16b660417c
- SHA256
  
  3c2cd56abacb10b9de1b11ba289bae4d3bf187830cd31afc3984b449ff90025e
- SHA512
  
  942c9dca351eaf4794be665e39b9b86c019d5663e1e228eec49ca73488e0cac8d6d3f9be5c999cf8891137dc2f462a6bc4f00ef343823605fb4ac786154a70e0
- SSDEEP
  
  98304:wDqPoBhz1aRxcSUDk36SAQdhvxWa9P5wr:wDqPe1Cxcxk3ZAQUad0
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2678) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2