wannacry | 607c4a10f0731b16b3bc0477577e35f06e4a2affe3826be9c26799f7b44d0479 | Triage

Sharing

General

Target

2024-07-27_10c11e4162b3673e7472304aed593f70_wannacry
Size

5.0MB
Sample

240727-msv1xsxhra
MD5

10c11e4162b3673e7472304aed593f70
SHA1

b3f2056cc0ade486576089b8ea72eb1a606d129e
SHA256

607c4a10f0731b16b3bc0477577e35f06e4a2affe3826be9c26799f7b44d0479
SHA512

e298c8eacb0aca6f2cb30ba41d607f2bf77301be6ad786e86300952293a56b27b2d92f9544e03266d28cb6dc23b44b5add0ab52c04ce38fcf10bf6df62edc7cf
SSDEEP

98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:XDqPe1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry defense_evasion discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-07-27_10c11e4162b3673e7472304aed593f70_wannacry
- Size
  
  5.0MB
- MD5
  
  10c11e4162b3673e7472304aed593f70
- SHA1
  
  b3f2056cc0ade486576089b8ea72eb1a606d129e
- SHA256
  
  607c4a10f0731b16b3bc0477577e35f06e4a2affe3826be9c26799f7b44d0479
- SHA512
  
  e298c8eacb0aca6f2cb30ba41d607f2bf77301be6ad786e86300952293a56b27b2d92f9544e03266d28cb6dc23b44b5add0ab52c04ce38fcf10bf6df62edc7cf
- SSDEEP
  
  98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:XDqPe1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry defense_evasion discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3309) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Modifies file permissions
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydefense_evasiondiscoveryransomwareworm

behavioral2

wannacrydefense_evasiondiscoveryransomwareworm