General

  • Target

    2024-09-16_0c7bb73160f9cded187c945480cc8a65_wannacry

  • Size

    5.0MB

  • Sample

    240916-thb9dswgrp

  • MD5

    0c7bb73160f9cded187c945480cc8a65

  • SHA1

    50d6ec1637e670ff6fcea1b0f89b2249c80059f2

  • SHA256

    c9eabad4f9132602f056038db24a6511e306b4de92b1ab5695d08cc53aec688a

  • SHA512

    a9611dd3e1a14aaa25f8d9dfcf05551217203ed5fb1bfb096e0a967e3b248799d3f731c8d21c73066abe7e20a375b1446c3132bdb4bb1a0b6e59d7989a0d2a5e

  • SSDEEP

    6144:eE9l9ynRIYVTH5DgSgNajldktM0XXrfIagQhM:e1bLgmluftgQhM

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3210) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
