General
-
Target
2024-08-14_99a67993cdb1f90f586a9a6e2a0b3ff3_wannacry
-
Size
5.0MB
-
Sample
240814-khvajasend
-
MD5
99a67993cdb1f90f586a9a6e2a0b3ff3
-
SHA1
b852172100a660d06c85a5c043c94576c817cdfc
-
SHA256
ccc199e91b2cae007c8d1f0cfd66ad0be79f1bffd2f5bddd48410770cf9b4377
-
SHA512
fa0ba5b8031810429cd2245a480279d3feaf0252b5b1961f640908c78721d626fb5f11305392fbcb98438a621622bb9e41dc1c4d5b7acd02b5744216711f895f
-
SSDEEP
98304:D8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8s3:D8qPe1Cxcxk3ZAEUadzR8s
Malware Config
Targets
-
-
Target
2024-08-14_99a67993cdb1f90f586a9a6e2a0b3ff3_wannacry
-
Size
5.0MB
-
MD5
99a67993cdb1f90f586a9a6e2a0b3ff3
-
SHA1
b852172100a660d06c85a5c043c94576c817cdfc
-
SHA256
ccc199e91b2cae007c8d1f0cfd66ad0be79f1bffd2f5bddd48410770cf9b4377
-
SHA512
fa0ba5b8031810429cd2245a480279d3feaf0252b5b1961f640908c78721d626fb5f11305392fbcb98438a621622bb9e41dc1c4d5b7acd02b5744216711f895f
-
SSDEEP
98304:D8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8s3:D8qPe1Cxcxk3ZAEUadzR8s
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3252) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Modifies file permissions
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1