wannacry | 5b9009ee5b3987c5dc3f3e9a2521ec67ecb99c0a24e9350af7ff6fb885c96bad | Triage

Submit
Reports

Overview

overview

Static

static

3

9a142dcdc5...18.dll

windows7-x64

9a142dcdc5...18.dll

windows10-2004-x64

Sharing

General

Target

9a142dcdc57eac7225800aa114f1fdb5_JaffaCakes118
Size

5.0MB
Sample

240815-pxvl3awfqk
MD5

9a142dcdc57eac7225800aa114f1fdb5
SHA1

bc90302f32c9ac5d929b8e99829dfd42ec6ebc94
SHA256

5b9009ee5b3987c5dc3f3e9a2521ec67ecb99c0a24e9350af7ff6fb885c96bad
SHA512

e4c5916af04c3ab3d94bcd5bf8761293c748d3648f9d652945df5fcfbfc870fde3bf7e147b6944b39916e49a8f087369031a885a23077700e985a91888f9e9fe
SSDEEP

49152:RnsEMSPbcBVQej/1INRx+TSqTdd1HkQo6SAARdhnv:1fPoBhz1aRxcSUZk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9a142dcdc57eac7225800aa114f1fdb5_JaffaCakes118.dll

Resource

win7-20240705-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a142dcdc57eac7225800aa114f1fdb5_JaffaCakes118.dll

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  9a142dcdc57eac7225800aa114f1fdb5_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  9a142dcdc57eac7225800aa114f1fdb5
- SHA1
  
  bc90302f32c9ac5d929b8e99829dfd42ec6ebc94
- SHA256
  
  5b9009ee5b3987c5dc3f3e9a2521ec67ecb99c0a24e9350af7ff6fb885c96bad
- SHA512
  
  e4c5916af04c3ab3d94bcd5bf8761293c748d3648f9d652945df5fcfbfc870fde3bf7e147b6944b39916e49a8f087369031a885a23077700e985a91888f9e9fe
- SSDEEP
  
  49152:RnsEMSPbcBVQej/1INRx+TSqTdd1HkQo6SAARdhnv:1fPoBhz1aRxcSUZk36SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3037) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy