wannacry | 64df13da1342eedbfc49140f060b31d0edbe095258261d3634368ea1cf55997f | Triage

Submit
Reports

Overview

overview

Static

static

3

d1e0f268f7...18.dll

windows7-x64

d1e0f268f7...18.dll

windows10-2004-x64

Sharing

General

Target

d1e0f268f7543bb14299fd5caa464bd5_JaffaCakes118
Size

5.0MB
Sample

240907-n4ghcatanj
MD5

d1e0f268f7543bb14299fd5caa464bd5
SHA1

008747abb2bb6d42d18d71ce8e1ec0fcfa4f64c3
SHA256

64df13da1342eedbfc49140f060b31d0edbe095258261d3634368ea1cf55997f
SHA512

40898a496c2339b03284c1799b2d7544e51d24e886cc323d061a0b0b3bfb134bc7235a2ca3659525b76d49d11ac10c87ff5cc02af0ee248367a0fd0b58603ed3
SSDEEP

98304:+DqPoBU1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPv1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d1e0f268f7543bb14299fd5caa464bd5_JaffaCakes118.dll

Resource

win7-20240903-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1e0f268f7543bb14299fd5caa464bd5_JaffaCakes118.dll

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  d1e0f268f7543bb14299fd5caa464bd5_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  d1e0f268f7543bb14299fd5caa464bd5
- SHA1
  
  008747abb2bb6d42d18d71ce8e1ec0fcfa4f64c3
- SHA256
  
  64df13da1342eedbfc49140f060b31d0edbe095258261d3634368ea1cf55997f
- SHA512
  
  40898a496c2339b03284c1799b2d7544e51d24e886cc323d061a0b0b3bfb134bc7235a2ca3659525b76d49d11ac10c87ff5cc02af0ee248367a0fd0b58603ed3
- SSDEEP
  
  98304:+DqPoBU1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPv1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3101) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy