wannacry | 639b2f700ab59d07ab8d6fb191b7609db91cae04ae6685944eb6473efcc9292a | Triage

Sharing

General

Target

718a1a03b6d79f7687411b084c0df570N.exe
Size

3.6MB
Sample

240802-h63wgasenn
MD5

718a1a03b6d79f7687411b084c0df570
SHA1

f2c2c8aa377b4a6cdc57d3a54eed997952968e80
SHA256

639b2f700ab59d07ab8d6fb191b7609db91cae04ae6685944eb6473efcc9292a
SHA512

0cb96334dfea2fa0ea585b63eec031a1b5b642dfc82309214bb4fe1bf66191b74a85c381d493a12d9230d24806adf61041e0e9b0c8fb80c146f344205fe79f38
SSDEEP

12288:GwbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7:VbLgdeQhfdmMSirYbcMNge

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  718a1a03b6d79f7687411b084c0df570N.exe
- Size
  
  3.6MB
- MD5
  
  718a1a03b6d79f7687411b084c0df570
- SHA1
  
  f2c2c8aa377b4a6cdc57d3a54eed997952968e80
- SHA256
  
  639b2f700ab59d07ab8d6fb191b7609db91cae04ae6685944eb6473efcc9292a
- SHA512
  
  0cb96334dfea2fa0ea585b63eec031a1b5b642dfc82309214bb4fe1bf66191b74a85c381d493a12d9230d24806adf61041e0e9b0c8fb80c146f344205fe79f38
- SSDEEP
  
  12288:GwbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7:VbLgdeQhfdmMSirYbcMNge
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2391) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm