wannacry | 60dbd1084ec5ea6c826039b159aee2a561dd1229d7814328d4c501117a62fbde | Triage

Sharing

General

Target

44ade454a487822f1c9d75aa7d8df907_JaffaCakes118
Size

5.0MB
Sample

240714-g7e1csscld
MD5

44ade454a487822f1c9d75aa7d8df907
SHA1

c0df6b4099072a7ba157f1fb5f5cdaa763501382
SHA256

60dbd1084ec5ea6c826039b159aee2a561dd1229d7814328d4c501117a62fbde
SHA512

910655b47bd5795955f05750c08b88705381d001fe935c77bd426b760491e2b84070e1aebafc0233f7d3df19e2dc0109982cbd8f6dd1bc5cf69d699caa297027
SSDEEP

24576:RbLgurihdmMSirYbcMNgef0QeQjGqD8kIqaXmiHkdhAdmv:RnnMSPbcBVQejqGX1Hkdhnv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  44ade454a487822f1c9d75aa7d8df907_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  44ade454a487822f1c9d75aa7d8df907
- SHA1
  
  c0df6b4099072a7ba157f1fb5f5cdaa763501382
- SHA256
  
  60dbd1084ec5ea6c826039b159aee2a561dd1229d7814328d4c501117a62fbde
- SHA512
  
  910655b47bd5795955f05750c08b88705381d001fe935c77bd426b760491e2b84070e1aebafc0233f7d3df19e2dc0109982cbd8f6dd1bc5cf69d699caa297027
- SSDEEP
  
  24576:RbLgurihdmMSirYbcMNgef0QeQjGqD8kIqaXmiHkdhAdmv:RnnMSPbcBVQejqGX1Hkdhnv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2064) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm