General

  • Target

    2024-09-16_6bd48b0bea8b99d88a97486351dff2e5_wannacry

  • Size

    5.0MB

  • Sample

    240916-tk427axaml

  • MD5

    6bd48b0bea8b99d88a97486351dff2e5

  • SHA1

    e0ce7a375fc3ae123c480f40a0b0ccaf39597f9f

  • SHA256

    12683643eb17733a7ca655f06db78388ea84a502c690173349bf6cc3c95bd291

  • SHA512

    086afd8ea2193fc7374193db6fbbff14c7f169318dfcfe3c254154eff663aa31aa43da32719e377ed4e40257bbe0dad25156584b474c70743d9c47506e3a7ed9

  • SSDEEP

    49152:2nAQqMSPbcBVQej/13n4bo3NCdRvWyXeX:yDqPoBhz10o3oWyu

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3236) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks