Overview

overview

10

Static

static

1

WannaCry.bat

windows7-x64

6

WannaCry.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WannaCry.bat

  • Size

    4.5MB

  • Sample

    240804-n9x3aaygjd

  • MD5

    c8dbe481d2770bc451c8743c27ba6ce9

  • SHA1

    1b323d89ed671bcd6a2a304f62e61541d18ca3ab

  • SHA256

    10760fe9e1b716649af9dc2d710d82032928324868caee715328e2f43ab44dc6

  • SHA512

    f7932900c47f1278ee51f4380e3735edd199915917de8476a1f738d400d75a28c92fde3028d0956f0c2693dcd51f85e3ee5c798a114b202a22855c227623d910

  • SSDEEP

    49152:l44FfYXDfYKWQwSm5JAyJx2ems7dhSYS0to/Q6rj6p3tQmd9+du9b:Pb

Score
10/10
wannacrydefense_evasiondiscoveryexecutionransomwareworm

Malware Config

Targets

    • Target

      WannaCry.bat

    • Size

      4.5MB

    • MD5

      c8dbe481d2770bc451c8743c27ba6ce9

    • SHA1

      1b323d89ed671bcd6a2a304f62e61541d18ca3ab

    • SHA256

      10760fe9e1b716649af9dc2d710d82032928324868caee715328e2f43ab44dc6

    • SHA512

      f7932900c47f1278ee51f4380e3735edd199915917de8476a1f738d400d75a28c92fde3028d0956f0c2693dcd51f85e3ee5c798a114b202a22855c227623d910

    • SSDEEP

      49152:l44FfYXDfYKWQwSm5JAyJx2ems7dhSYS0to/Q6rj6p3tQmd9+du9b:Pb

    Score
    10/10
    discoveryexecutionwannacrydefense_evasionransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Modifies file permissions

      discovery

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks