General

  • Target

    2024-09-17_f7eb4c9756c8b6fdc410768c03a44481_wannacry

  • Size

    5.0MB

  • Sample

    240917-qc92pathpd

  • MD5

    f7eb4c9756c8b6fdc410768c03a44481

  • SHA1

    ae7bf2af7451d3b771516a9f1747f6c37a685018

  • SHA256

    cbe965f77dfd641c071e6fdf133f761d6dbfab8340f500db284a1988bdb33efe

  • SHA512

    b3304bcbe977bdabe5d03c1934d71e51f9100ceb88dd19a1a3f51a643d5f3f522a37078eaee5b8f12163126424b8dbd79824094c730ef5c1957ad43afb179050

  • SSDEEP

    24576:ibLgdritdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz6626M+pSk+RdhAdmvR:in6MSPbcBVQej/1INRx+pARdhnv

Targets

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3193) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
