wannacry | 5013a9fc3766f0c065d44c9f6a6a8c0101811d7df4860dd50cf627a0d28ed007 | Triage

Submit
Reports

Overview

overview

Static

static

3

033f9150e2...18.dll

windows7-x64

033f9150e2...18.dll

windows10-2004-x64

Sharing

General

Target

033f9150e241e7accecb60d849481871_JaffaCakes118
Size

5.0MB
Sample

240622-wf4lza1glj
MD5

033f9150e241e7accecb60d849481871
SHA1

09067fd23539df1ece704a92b2dca8e32f20f7c8
SHA256

5013a9fc3766f0c065d44c9f6a6a8c0101811d7df4860dd50cf627a0d28ed007
SHA512

e08d2eb9edacbda6dfc7b2a153eaa7f38fe967876df28230e0cc88d3511d8f867f32314f49e761f402d1ff6f10fb411546ca549d855d9676992788670d512015
SSDEEP

98304:dDqPoBhz1aRxcSUZk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxc7k3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

033f9150e241e7accecb60d849481871_JaffaCakes118.dll

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

033f9150e241e7accecb60d849481871_JaffaCakes118.dll

Resource

win10v2004-20240611-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  033f9150e241e7accecb60d849481871_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  033f9150e241e7accecb60d849481871
- SHA1
  
  09067fd23539df1ece704a92b2dca8e32f20f7c8
- SHA256
  
  5013a9fc3766f0c065d44c9f6a6a8c0101811d7df4860dd50cf627a0d28ed007
- SHA512
  
  e08d2eb9edacbda6dfc7b2a153eaa7f38fe967876df28230e0cc88d3511d8f867f32314f49e761f402d1ff6f10fb411546ca549d855d9676992788670d512015
- SSDEEP
  
  98304:dDqPoBhz1aRxcSUZk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxc7k3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2663) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy