General

  • Target

    2024-09-10_5872b8421de8c1c3303b68f417147472_wannacry

  • Size

    5.0MB

  • Sample

    240910-mv2w9a1gle

  • MD5

    5872b8421de8c1c3303b68f417147472

  • SHA1

    3d2b152d138c28f90f7d6e09393d411e0b587b45

  • SHA256

    48d91d9c245d138bddaebe5bc4d23f4cc2f1ba65d52bed8ffe2b90fe53901d49

  • SHA512

    b359edb35735de58f475e4af18fbeddd395abe47e6e0e391cdca895d03dc38a6761b655bda1bb18043baae1d581e71f9995042ba156000507985eb231955b72b

  • SSDEEP

    98304:N8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:N8qPe1Cxcxk3ZAEUadzR8yc4H

Malware Config

Targets

    • Target

      2024-09-10_5872b8421de8c1c3303b68f417147472_wannacry

    • Size

      5.0MB

    • MD5

      5872b8421de8c1c3303b68f417147472

    • SHA1

      3d2b152d138c28f90f7d6e09393d411e0b587b45

    • SHA256

      48d91d9c245d138bddaebe5bc4d23f4cc2f1ba65d52bed8ffe2b90fe53901d49

    • SHA512

      b359edb35735de58f475e4af18fbeddd395abe47e6e0e391cdca895d03dc38a6761b655bda1bb18043baae1d581e71f9995042ba156000507985eb231955b72b

    • SSDEEP

      98304:N8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:N8qPe1Cxcxk3ZAEUadzR8yc4H

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3209) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Drops file in Drivers directory

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks