wannacry | 7b8749dd344ddf31957170efc80a2182fa53414436e09b169a99f404bd88ffa3 | Triage

Sharing

General

Target

48873aa5ecae0c477169eacd4f7f120a_JaffaCakes118
Size

5.0MB
Sample

240715-gr5k3svapg
MD5

48873aa5ecae0c477169eacd4f7f120a
SHA1

bde076efc39dd693d2c6e26345f8b74259af3362
SHA256

7b8749dd344ddf31957170efc80a2182fa53414436e09b169a99f404bd88ffa3
SHA512

0714b355a1a9a89ffda1b5cb2c4f6c8acbcd5da9afd5f2442733b54adc18926e426a80e5ab14fe3dc4af8ac97b47d496e3a1f2cbb6326b3acbf6e344b1527ee1
SSDEEP

12288:T1bLgmluCYQhMbaIMu7L5NVErCA4z2g6rTcbvz6SdSNs:RbLguqQhfdmMSirYbr6SA

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  48873aa5ecae0c477169eacd4f7f120a_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  48873aa5ecae0c477169eacd4f7f120a
- SHA1
  
  bde076efc39dd693d2c6e26345f8b74259af3362
- SHA256
  
  7b8749dd344ddf31957170efc80a2182fa53414436e09b169a99f404bd88ffa3
- SHA512
  
  0714b355a1a9a89ffda1b5cb2c4f6c8acbcd5da9afd5f2442733b54adc18926e426a80e5ab14fe3dc4af8ac97b47d496e3a1f2cbb6326b3acbf6e344b1527ee1
- SSDEEP
  
  12288:T1bLgmluCYQhMbaIMu7L5NVErCA4z2g6rTcbvz6SdSNs:RbLguqQhfdmMSirYbr6SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2165) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm