wannacry | ed6591d07ced85dc04186bd0b17b8641aaede71ccd4d1551193055f2090459f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

682aa64b91...18.dll

windows7-x64

682aa64b91...18.dll

windows10-2004-x64

Sharing

General

Target

682aa64b91690c7f4908f8f1412630d7_JaffaCakes118
Size

5.0MB
Sample

240723-s2q18axcrr
MD5

682aa64b91690c7f4908f8f1412630d7
SHA1

1dac4dac8fa5ec026452950acd63dfdbfeb60f8c
SHA256

ed6591d07ced85dc04186bd0b17b8641aaede71ccd4d1551193055f2090459f8
SHA512

6b693591493521a42049b333821f4fd5190cb984259e3ed33f8419ddb48322bd13204847db25124567985ee1b6d4940f3769c08d6452a9df78a8b45b676dfcf8
SSDEEP

49152:unNQYMSPbcBV6j/TNRxe6SAARdhnvoVv:aWYPoB4z5Rxe6SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

682aa64b91690c7f4908f8f1412630d7_JaffaCakes118.dll

Resource

win7-20240705-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

682aa64b91690c7f4908f8f1412630d7_JaffaCakes118.dll

Resource

win10v2004-20240709-en

wannacry discovery ransomware worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  682aa64b91690c7f4908f8f1412630d7_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  682aa64b91690c7f4908f8f1412630d7
- SHA1
  
  1dac4dac8fa5ec026452950acd63dfdbfeb60f8c
- SHA256
  
  ed6591d07ced85dc04186bd0b17b8641aaede71ccd4d1551193055f2090459f8
- SHA512
  
  6b693591493521a42049b333821f4fd5190cb984259e3ed33f8419ddb48322bd13204847db25124567985ee1b6d4940f3769c08d6452a9df78a8b45b676dfcf8
- SSDEEP
  
  49152:unNQYMSPbcBV6j/TNRxe6SAARdhnvoVv:aWYPoB4z5Rxe6SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3333) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy