wannacry | 0b2022ea058de6e428d8567d52ba16bc4b5e3b94cc64aa257b1d149db13eb89b | Triage

Sharing

General

Target

2024-07-29_d3de9b21f1d83fc76aba2c23c533da11_wannacry
Size

5.0MB
Sample

240729-ge6ydazcke
MD5

d3de9b21f1d83fc76aba2c23c533da11
SHA1

a22c474c8458fd267a076d5fc0db3e1bbbc1a52e
SHA256

0b2022ea058de6e428d8567d52ba16bc4b5e3b94cc64aa257b1d149db13eb89b
SHA512

8bb2035ce701cfcb549479ed262f5701b165b5fb9012fa80f8baa637ca343c081a1b8d331c78d79c843da583509db5bbac1c35850a3c8e9cea2f4c0d8096a531
SSDEEP

98304:T8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:T8qPe1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  2024-07-29_d3de9b21f1d83fc76aba2c23c533da11_wannacry
- Size
  
  5.0MB
- MD5
  
  d3de9b21f1d83fc76aba2c23c533da11
- SHA1
  
  a22c474c8458fd267a076d5fc0db3e1bbbc1a52e
- SHA256
  
  0b2022ea058de6e428d8567d52ba16bc4b5e3b94cc64aa257b1d149db13eb89b
- SHA512
  
  8bb2035ce701cfcb549479ed262f5701b165b5fb9012fa80f8baa637ca343c081a1b8d331c78d79c843da583509db5bbac1c35850a3c8e9cea2f4c0d8096a531
- SSDEEP
  
  98304:T8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:T8qPe1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3351) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm