wannacry | 64e400e6cde02b341e315d382551b26937b6afbe6cfd972dd5b51022bac119d0 | Triage

Sharing

General

Target

cebb64bfd042804239424fed482aa986_JaffaCakes118
Size

5.0MB
Sample

240906-frse3syanc
MD5

cebb64bfd042804239424fed482aa986
SHA1

c2c69f71f8937c420557913b7d332eb5247ec373
SHA256

64e400e6cde02b341e315d382551b26937b6afbe6cfd972dd5b51022bac119d0
SHA512

b61a92b078b8fb368415e4b8d95e1da0c9d16ac675bbebada0e6a45ad11bef6827d9672f7dfedb7fd6fa5f3153a660cddc00e2ae5136c64bd5df6965105002fe
SSDEEP

49152:RnvMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1vPoBhz1aRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  cebb64bfd042804239424fed482aa986_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  cebb64bfd042804239424fed482aa986
- SHA1
  
  c2c69f71f8937c420557913b7d332eb5247ec373
- SHA256
  
  64e400e6cde02b341e315d382551b26937b6afbe6cfd972dd5b51022bac119d0
- SHA512
  
  b61a92b078b8fb368415e4b8d95e1da0c9d16ac675bbebada0e6a45ad11bef6827d9672f7dfedb7fd6fa5f3153a660cddc00e2ae5136c64bd5df6965105002fe
- SSDEEP
  
  49152:RnvMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1vPoBhz1aRxcSUDk36SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2142) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm