General

  • Target

    2024-09-15_6be9406cceba812176b5b70d4953f75a_wannacry

  • Size

    5.0MB

  • Sample

    240915-lgm1hawgrd

  • MD5

    6be9406cceba812176b5b70d4953f75a

  • SHA1

    5567767e126a3124d7fae7ed2d710189b2cd0eed

  • SHA256

    19df98a49ebf8518b24eb002ce666525711aac86c1a07f1aa2a37dfb15c93aef

  • SHA512

    30d02e1d45233770a52da0e45e2fba5ac5b62a98737327278cd918b651fe824cb165aa06767f1687fe69fa20a9716fba84bf7a7bb01ebdc0d3e2512060ba9d95

  • SSDEEP

    49152:XnAQBSPbcBVQej/1INRx+TSqTdX1HkQo6:XDAoBhz1aRxcSUDk36

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3171) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
