General

  • Target

    2024-09-17_2a4bceb90f5cfe83da4e3344a31341f5_wannacry

  • Size

    3.6MB

  • Sample

    240917-pldjeasepe

  • MD5

    2a4bceb90f5cfe83da4e3344a31341f5

  • SHA1

    1b9a9fa1cd2e95c3ac014df06f2392b8964daee4

  • SHA256

    c7e7c351bb813ceaf6047a0f94c7cd0a69291e15ea324f0a9440c1cbf8abba9f

  • SHA512

    e11c9475b237af52ca343f39117caffcaf6510f4f7ac2c49a03392c5881569084987e29ac8e6996acd2ec890089ceab82c7ed3bf1222f75e554ee440a1c7d5bc

  • SSDEEP

    98304:XDqPoBhz1aRxcSUDk36SAEdhB3R8yAVp2HI:XDqPe1Cxcxk3ZAE1R8yc4HI

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3300) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
