wannacry | d7fe33d358736e3534c736636cf63d9f382af704b54f8effb4e5f2675d642031 | Triage

Sharing

General

Target

2024-07-23_b76d16413b5ae2e1e2fdbf61c3a21035_wannacry
Size

3.6MB
Sample

240723-lv3m4szcjg
MD5

b76d16413b5ae2e1e2fdbf61c3a21035
SHA1

437a943d4879fcad9dac0bf703aa956c8560db68
SHA256

d7fe33d358736e3534c736636cf63d9f382af704b54f8effb4e5f2675d642031
SHA512

c48e3e69d182596b85f1de89597209261d93cffe7d5997932ec362b8b67a1eb4ebeca8ecbef58d5c62a2e5f4689a570f79f1c73a21c50aeb0c1b493b9e741e23
SSDEEP

98304:w8qPoBhESUDk36SAEdhvxWa9P593R8yAVp2HI:w8qPzxk3ZAEUadzR8yc4HI

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-07-23_b76d16413b5ae2e1e2fdbf61c3a21035_wannacry
- Size
  
  3.6MB
- MD5
  
  b76d16413b5ae2e1e2fdbf61c3a21035
- SHA1
  
  437a943d4879fcad9dac0bf703aa956c8560db68
- SHA256
  
  d7fe33d358736e3534c736636cf63d9f382af704b54f8effb4e5f2675d642031
- SHA512
  
  c48e3e69d182596b85f1de89597209261d93cffe7d5997932ec362b8b67a1eb4ebeca8ecbef58d5c62a2e5f4689a570f79f1c73a21c50aeb0c1b493b9e741e23
- SSDEEP
  
  98304:w8qPoBhESUDk36SAEdhvxWa9P593R8yAVp2HI:w8qPzxk3ZAEUadzR8yc4HI
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3263) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm