wannacry | d1defdf54699d79d34b2f83d8e0d3422090d0950ee0f4b0f7b7c998bf19c9cec | Triage

Submit
Reports

Overview

overview

Static

static

3

a9530b1bf7...18.dll

windows7-x64

a9530b1bf7...18.dll

windows10-2004-x64

Sharing

General

Target

a9530b1bf77e4147b0897565a54ea0fd_JaffaCakes118
Size

5.0MB
Sample

240819-djhjss1bkc
MD5

a9530b1bf77e4147b0897565a54ea0fd
SHA1

65cf9cadecd520d7051dfdfe7c11e5c100b4b819
SHA256

d1defdf54699d79d34b2f83d8e0d3422090d0950ee0f4b0f7b7c998bf19c9cec
SHA512

d4390fa16c90075ae727c85bf52b74a2c7169c2e2826e5e1834f9534e4aaa57d987b1fd22523c4c5c3da2c09ce6fe8cffb002c9ef418e73b4d5594a2161a56c9
SSDEEP

49152:RnnMSPbcBVQej/1INRx+TSqTdX1HkQo6SAXivRdhnv:1nPoBhz1aRxcSUDk36SAXiZdhv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a9530b1bf77e4147b0897565a54ea0fd_JaffaCakes118.dll

Resource

win7-20240705-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9530b1bf77e4147b0897565a54ea0fd_JaffaCakes118.dll

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9530b1bf77e4147b0897565a54ea0fd_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  a9530b1bf77e4147b0897565a54ea0fd
- SHA1
  
  65cf9cadecd520d7051dfdfe7c11e5c100b4b819
- SHA256
  
  d1defdf54699d79d34b2f83d8e0d3422090d0950ee0f4b0f7b7c998bf19c9cec
- SHA512
  
  d4390fa16c90075ae727c85bf52b74a2c7169c2e2826e5e1834f9534e4aaa57d987b1fd22523c4c5c3da2c09ce6fe8cffb002c9ef418e73b4d5594a2161a56c9
- SSDEEP
  
  49152:RnnMSPbcBVQej/1INRx+TSqTdX1HkQo6SAXivRdhnv:1nPoBhz1aRxcSUDk36SAXiZdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3113) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy