wannacry | 0490c8190425ceb2f3588cd8368bce81a0e2fa839642fe6ad06ae0034e37593c | Triage

Sharing

General

Target

cdd469842ed83be4a6a926526a9304ee_JaffaCakes118
Size

5.0MB
Sample

240831-3wa3xsserr
MD5

cdd469842ed83be4a6a926526a9304ee
SHA1

319e26d32ffb0143f5acfdcdbf4a407d127b5e12
SHA256

0490c8190425ceb2f3588cd8368bce81a0e2fa839642fe6ad06ae0034e37593c
SHA512

5ed14c34d1a95f286cacffbda8bbb2fcf316471ecee48c7d0b521d16ae8c81b7ddf2e63f51b023543270890341ca27b47959fa1ed41b1bb2ad7170374a48e9ff
SSDEEP

49152:RnnMSPbcBVQej/1INRx+TSqTdX1HkXhnv:1nPoBhz1aRxcSUDkXhv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  cdd469842ed83be4a6a926526a9304ee_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  cdd469842ed83be4a6a926526a9304ee
- SHA1
  
  319e26d32ffb0143f5acfdcdbf4a407d127b5e12
- SHA256
  
  0490c8190425ceb2f3588cd8368bce81a0e2fa839642fe6ad06ae0034e37593c
- SHA512
  
  5ed14c34d1a95f286cacffbda8bbb2fcf316471ecee48c7d0b521d16ae8c81b7ddf2e63f51b023543270890341ca27b47959fa1ed41b1bb2ad7170374a48e9ff
- SSDEEP
  
  49152:RnnMSPbcBVQej/1INRx+TSqTdX1HkXhnv:1nPoBhz1aRxcSUDkXhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2118) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm