wannacry | 9629b3a256ded76562700a3ce77449ec1fb8ea3b6958937292898c12483d4c34 | Triage

Sharing

General

Target

2024-06-22_375c7fa36d49e7e2491779194de248b7_wannacry
Size

5.0MB
Sample

240622-r7fa8ssbrg
MD5

375c7fa36d49e7e2491779194de248b7
SHA1

559cc64ae8f3ebde4bfc37d71d211309667ee2db
SHA256

9629b3a256ded76562700a3ce77449ec1fb8ea3b6958937292898c12483d4c34
SHA512

d8b5983d7069ab4587589f5a0386589c8ceb98ddda690ea5e1a7decdb9f80e99353bbfe027bda3fbcd9a6d7ae98a77cc7d2dc2b3c3a7fd9bd66caefae65c71bb
SSDEEP

49152:QnuQqMSPbcBVTNRx+TSqTdX1HkQo6SAARdhnv:QZqPoBfRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-06-22_375c7fa36d49e7e2491779194de248b7_wannacry
- Size
  
  5.0MB
- MD5
  
  375c7fa36d49e7e2491779194de248b7
- SHA1
  
  559cc64ae8f3ebde4bfc37d71d211309667ee2db
- SHA256
  
  9629b3a256ded76562700a3ce77449ec1fb8ea3b6958937292898c12483d4c34
- SHA512
  
  d8b5983d7069ab4587589f5a0386589c8ceb98ddda690ea5e1a7decdb9f80e99353bbfe027bda3fbcd9a6d7ae98a77cc7d2dc2b3c3a7fd9bd66caefae65c71bb
- SSDEEP
  
  49152:QnuQqMSPbcBVTNRx+TSqTdX1HkQo6SAARdhnv:QZqPoBfRxcSUDk36SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3357) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm