wannacry | c9b2bec1243391f0e37dcc44cc7b725aba495b954b3876e3395d3ae2d8faec2d | Triage

Sharing

General

Target

2024-07-09_ef0564bc53e8694a433d7c773fb11f1d_wannacry
Size

5.0MB
Sample

240709-n9r62avejg
MD5

ef0564bc53e8694a433d7c773fb11f1d
SHA1

f02a3250e23287312a3ddb5a1f2e605979ee5575
SHA256

c9b2bec1243391f0e37dcc44cc7b725aba495b954b3876e3395d3ae2d8faec2d
SHA512

ad7cf4dd221b46d129463d35442a9a99942304370bcd812f766d25cab83743658142edfaec5f186d8e2ab00c033af9f638d5ec1f0fe6de8036dbd2529de5331f
SSDEEP

98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAV:yDqPe1Cxcxk3ZAEUadzR8yc

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-07-09_ef0564bc53e8694a433d7c773fb11f1d_wannacry
- Size
  
  5.0MB
- MD5
  
  ef0564bc53e8694a433d7c773fb11f1d
- SHA1
  
  f02a3250e23287312a3ddb5a1f2e605979ee5575
- SHA256
  
  c9b2bec1243391f0e37dcc44cc7b725aba495b954b3876e3395d3ae2d8faec2d
- SHA512
  
  ad7cf4dd221b46d129463d35442a9a99942304370bcd812f766d25cab83743658142edfaec5f186d8e2ab00c033af9f638d5ec1f0fe6de8036dbd2529de5331f
- SSDEEP
  
  98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAV:yDqPe1Cxcxk3ZAEUadzR8yc
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3349) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm