General

  • Target

    2024-09-15_29f56f075282ac454d41e8ccc86399de_wannacry

  • Size

    3.6MB

  • Sample

    240915-qq5dcsvgqg

  • MD5

    29f56f075282ac454d41e8ccc86399de

  • SHA1

    3ef1c72d42409761378acd45eb9c7dac0924e1bb

  • SHA256

    30e6809016f411cd25fed048adef4ec4f728db6f75538518afd64c2dfc2dd0c4

  • SHA512

    31e49197e3ca6cefdcc4a2c993deb8aa8f1ca0f281aaec24dde6d819afb7478160011088cae612a84f1b0446c456f95ccbfcfce1afcec7af364d465cf3770720

  • SSDEEP

    98304:yDqPoBhz1aRxcSUDk36SAEdhv259Uc/YFQ:yDqPe1Cxcxk3ZAEKvX

Malware Config

Targets

    • Target

      2024-09-15_29f56f075282ac454d41e8ccc86399de_wannacry

    • Size

      3.6MB

    • MD5

      29f56f075282ac454d41e8ccc86399de

    • SHA1

      3ef1c72d42409761378acd45eb9c7dac0924e1bb

    • SHA256

      30e6809016f411cd25fed048adef4ec4f728db6f75538518afd64c2dfc2dd0c4

    • SHA512

      31e49197e3ca6cefdcc4a2c993deb8aa8f1ca0f281aaec24dde6d819afb7478160011088cae612a84f1b0446c456f95ccbfcfce1afcec7af364d465cf3770720

    • SSDEEP

      98304:yDqPoBhz1aRxcSUDk36SAEdhv259Uc/YFQ:yDqPe1Cxcxk3ZAEKvX

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3328) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks