wannacry | fdd3c5a24c3c139ffd155650fd0576a7d48d9fcaa56ff9d3ca1a546eacbe779b | Triage

Sharing

General

Target

d706a9ffe6b4a707f1297dae047dc1d8_JaffaCakes118
Size

5.0MB
Sample

240909-y1t95sxgmm
MD5

d706a9ffe6b4a707f1297dae047dc1d8
SHA1

ed38649b52a61bbf5016a1c30e3aa556556402e4
SHA256

fdd3c5a24c3c139ffd155650fd0576a7d48d9fcaa56ff9d3ca1a546eacbe779b
SHA512

877a21201019e48c95b8428ac71343e224e7986030d8673a67fe2a821820a18df054297a0fab1886fc637e5aa68f853d3b6e872feb3d7239a1c61e2d077d4c87
SSDEEP

98304:RDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:RDqPe1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  d706a9ffe6b4a707f1297dae047dc1d8_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  d706a9ffe6b4a707f1297dae047dc1d8
- SHA1
  
  ed38649b52a61bbf5016a1c30e3aa556556402e4
- SHA256
  
  fdd3c5a24c3c139ffd155650fd0576a7d48d9fcaa56ff9d3ca1a546eacbe779b
- SHA512
  
  877a21201019e48c95b8428ac71343e224e7986030d8673a67fe2a821820a18df054297a0fab1886fc637e5aa68f853d3b6e872feb3d7239a1c61e2d077d4c87
- SSDEEP
  
  98304:RDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:RDqPe1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3165) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm