General

  • Target

    2024-09-16_aa5bc032da70494dd21a5c90fb4f1185_wannacry

  • Size

    5.0MB

  • Sample

    240916-tz2klsxgrr

  • MD5

    aa5bc032da70494dd21a5c90fb4f1185

  • SHA1

    396089388bcb4225127b84e9d393de73609920df

  • SHA256

    95339d3c4a59b43b301383a0295f47da2236c9ed459b36a8472588a87a3ce6d1

  • SHA512

    8a1155a3b5d45603d7f798c0392af3eea6a8e28c9774dbb8dc3bddf5ffd308d452ed8ea1847f9910dad77f533952de9b7d5d08e8a9107a9bc85298e0b6076a06

  • SSDEEP

    12288:GwbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcbckPU82:VbLgdeQhfdmMSirYbcM

Targets

    • Target

      2024-09-16_aa5bc032da70494dd21a5c90fb4f1185_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3037) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
