wannacry | 112e56e847cba5a99b27f27ef85a139cb0da7698a3f7348e4cb261c49f58008c | Triage

Sharing

General

Target

2024-09-08_f0acf4e35389e8ea767b4861cb6e96fd_wannacry
Size

2.2MB
Sample

240908-kjew8sycqh
MD5

f0acf4e35389e8ea767b4861cb6e96fd
SHA1

0e8c75e9df09b65d61882d70c9af55d50c7eef4e
SHA256

112e56e847cba5a99b27f27ef85a139cb0da7698a3f7348e4cb261c49f58008c
SHA512

78c30228db6409c5a707fcbd3f7a7868c08bcfa85906d1394967ce3091c738093a5b74167222f1cb57be34420caec65daa4699dcbf96faa57af8223113ccdc88
SSDEEP

49152:AnpEjbcBVQej31INRx+TSqTdX1HkQo6SAARdhnvn:ApUoBhT1aRxcSUDk36SAEdhvn

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-09-08_f0acf4e35389e8ea767b4861cb6e96fd_wannacry
- Size
  
  2.2MB
- MD5
  
  f0acf4e35389e8ea767b4861cb6e96fd
- SHA1
  
  0e8c75e9df09b65d61882d70c9af55d50c7eef4e
- SHA256
  
  112e56e847cba5a99b27f27ef85a139cb0da7698a3f7348e4cb261c49f58008c
- SHA512
  
  78c30228db6409c5a707fcbd3f7a7868c08bcfa85906d1394967ce3091c738093a5b74167222f1cb57be34420caec65daa4699dcbf96faa57af8223113ccdc88
- SSDEEP
  
  49152:AnpEjbcBVQej31INRx+TSqTdX1HkQo6SAARdhnvn:ApUoBhT1aRxcSUDk36SAEdhvn
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2630) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm