Overview

overview

10

Static

static

3

20240909be...ry.exe

windows7-x64

10

20240909be...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20240909beb9190e2e3b310244da0aed84bd5fb7wannacry

  • Size

    3.6MB

  • Sample

    240909-wdj5jstckb

  • MD5

    beb9190e2e3b310244da0aed84bd5fb7

  • SHA1

    c1d3765cd3e679955dc807c1a3f7dba3dd3ba71c

  • SHA256

    fec124e70200ff4e2efe145e9769cd136dd76464a7fd0d14506e8cf9782033e4

  • SHA512

    fa5b7e69ee677c22b87b1db18861d31acfef533b0f6713aeb03f0237520e928726cf8d3107e39d3027064cfb00b3b1161af12afc08ff09508eca4d6e969ff6ba

  • SSDEEP

    98304:t8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H1:t8qPe1Cxcxk3ZAEUadzR8yc4H1

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      20240909beb9190e2e3b310244da0aed84bd5fb7wannacry

    • Size

      3.6MB

    • MD5

      beb9190e2e3b310244da0aed84bd5fb7

    • SHA1

      c1d3765cd3e679955dc807c1a3f7dba3dd3ba71c

    • SHA256

      fec124e70200ff4e2efe145e9769cd136dd76464a7fd0d14506e8cf9782033e4

    • SHA512

      fa5b7e69ee677c22b87b1db18861d31acfef533b0f6713aeb03f0237520e928726cf8d3107e39d3027064cfb00b3b1161af12afc08ff09508eca4d6e969ff6ba

    • SSDEEP

      98304:t8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H1:t8qPe1Cxcxk3ZAEUadzR8yc4H1

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3264) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks