General

  • Target

    2024-08-20_222f63098e8d51de8701151c137bab38_wannacry

  • Size

    5.0MB

  • Sample

    240820-gezjaswcpg

  • MD5

    222f63098e8d51de8701151c137bab38

  • SHA1

    899450401bfd5cb2650be8f92435bd8e84b17a08

  • SHA256

    c8c319a1e3fd02d463fe556cd3017abb2a012a3cccfb4bcb95650e7b785a971e

  • SHA512

    ed0b0fe4616e57718a4a53ff1b7bbca71e9c94eb4486adb546da3d366e32e3af576b7bcb707c6a6889db5d6431dbac91e53f0b76c1d5bbbadcd08b2cc14cee25

  • SSDEEP

    49152:RnAQqMSPbcBVQej3qINRx+TSqTdX1HkQo6SA:1DqPoBhTqaRxcSUDk36SA

Targets

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3300) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Drops file in Drivers directory

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
