wannacry | 8ffcc92790fd2594db8fd0f6fe5716ba694dff01df2638bd0eb0d63dbda55143 | Triage

Submit
Reports

Overview

overview

Static

static

3

c417bfff53...18.dll

windows7-x64

c417bfff53...18.dll

windows10-2004-x64

Sharing

General

Target

c417bfff535fd0752037f1037ca0703a_JaffaCakes118
Size

5.0MB
Sample

240827-a2562atgjh
MD5

c417bfff535fd0752037f1037ca0703a
SHA1

c9c91fd6cb67b0ae332e2baaa698c0403e11ca7c
SHA256

8ffcc92790fd2594db8fd0f6fe5716ba694dff01df2638bd0eb0d63dbda55143
SHA512

17b0be134dbfccd831a1900dfff4ef6b4067f52db282780504a38df372bf0852fcb1153981253e3532428679d9a2a9b7f5c1904019934a17309ad478ca0113b2
SSDEEP

49152:SnjQqMSPbcBVQej/1INRx+TSqTfdhkvxJM0H9ZFMEcaEauvAH1plAH:+8qPoBhz1aRxcSUfdhMxWa9M9vAVp2H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c417bfff535fd0752037f1037ca0703a_JaffaCakes118.dll

Resource

win7-20240704-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c417bfff535fd0752037f1037ca0703a_JaffaCakes118.dll

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  c417bfff535fd0752037f1037ca0703a_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  c417bfff535fd0752037f1037ca0703a
- SHA1
  
  c9c91fd6cb67b0ae332e2baaa698c0403e11ca7c
- SHA256
  
  8ffcc92790fd2594db8fd0f6fe5716ba694dff01df2638bd0eb0d63dbda55143
- SHA512
  
  17b0be134dbfccd831a1900dfff4ef6b4067f52db282780504a38df372bf0852fcb1153981253e3532428679d9a2a9b7f5c1904019934a17309ad478ca0113b2
- SSDEEP
  
  49152:SnjQqMSPbcBVQej/1INRx+TSqTfdhkvxJM0H9ZFMEcaEauvAH1plAH:+8qPoBhz1aRxcSUfdhMxWa9M9vAVp2H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3324) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy