General
-
Target
2024-08-21_3cd64c9048ab9f41ab1cac98739fa8d7_wannacry
-
Size
5.0MB
-
Sample
240821-jgxhtswhjh
-
MD5
3cd64c9048ab9f41ab1cac98739fa8d7
-
SHA1
07d96f46f1e2a0d1e5d9274c65004617307e7974
-
SHA256
a65e3242d21daa40e0d98927f22755a4718b0116bc9dce5f2894f5603c88c0fe
-
SHA512
c5ad9af07b8631b6555bc160d3ec2db577746a98c270ce9813e195da9206b0b63c44e5e37549ca49bf227f447bdfc1b1005675e88974780c83ff24a0cb9b1e6d
-
SSDEEP
6144:SE9l9ynqIYVTH5DgSg8ajldktM0XXrP2QhMV9qb:SebLgPlu+QhMb
Malware Config
Targets
-
-
Target
2024-08-21_3cd64c9048ab9f41ab1cac98739fa8d7_wannacry
-
Size
5.0MB
-
MD5
3cd64c9048ab9f41ab1cac98739fa8d7
-
SHA1
07d96f46f1e2a0d1e5d9274c65004617307e7974
-
SHA256
a65e3242d21daa40e0d98927f22755a4718b0116bc9dce5f2894f5603c88c0fe
-
SHA512
c5ad9af07b8631b6555bc160d3ec2db577746a98c270ce9813e195da9206b0b63c44e5e37549ca49bf227f447bdfc1b1005675e88974780c83ff24a0cb9b1e6d
-
SSDEEP
6144:SE9l9ynqIYVTH5DgSg8ajldktM0XXrP2QhMV9qb:SebLgPlu+QhMb
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3271) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1