wannacry | f9488380f518f065fceedc417885f79fa90fce648fb7d1e6684cc7c20d1ef97e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe
Size

5.0MB
MD5

f125b96600cc95e4d4f6e3fc4a6fff47
SHA1

b1ae7a28971dca3f3f1034c2471f797e5dfef6de
SHA256

f9488380f518f065fceedc417885f79fa90fce648fb7d1e6684cc7c20d1ef97e
SHA512

9f7a2d706f6c80f876684d50e72419e891130d25dd8f042a3f9b0ca370a6b1d96364ed14bb828c08f36b153df16160bef2e30215d2ee753047ee522e7b971330
SSDEEP

49152:VnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (3369) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Executes dropped EXE 1 IoCs

Processes:

tasksche.exe

pid process

1472 tasksche.exe
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Drops file in Windows directory 1 IoCs

Processes:

2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe

description ioc process

File created C:\WINDOWS\tasksche.exe 2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe

pid	process
1472	tasksche.exe

description	ioc	process
File created	C:\WINDOWS\tasksche.exe	2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe

C:\Users\Admin\AppData\Local\Temp\2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe"
1⤵
- Drops file in Windows directory
PID:652

C:\WINDOWS\tasksche.exe
C:\WINDOWS\tasksche.exe /i
2⤵
- Executes dropped EXE
PID:1472

C:\Users\Admin\AppData\Local\Temp\2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-07-04_f125b96600cc95e4d4f6e3fc4a6fff47_wannacry.exe -m security
1⤵
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
223f0223eedca8c0471fe7c94a9e1402

SHA1
16ee9d80ba7e68bdd86debf3a2cb080582501c84

SHA256
50e324aa1d7f2ca7474e4ccf6bb4d234dd8a4e3922ec081fe86e61a04a4e9a57

SHA512
e5482cd81df738ad2a3277edaa2bdd7c261af18727dd0d864af97d1a287790c4d1466ff22c5b25945fc429b3402108cb79bfcbc01e19c4f117284cdec72b19d7

Download Submit