General

  • Target

    2024-09-20_1e05da24ee21b67a07bbcae3b185a229_wannacry

  • Size

    5.0MB

  • Sample

    240920-pklhmawcnd

  • MD5

    1e05da24ee21b67a07bbcae3b185a229

  • SHA1

    fe2b70ec86c10a74200d97eade5f282ae139a5f1

  • SHA256

    6668ff2ee61d8d20938d8f9aefa2dfd3f441e4609a9e4a74328ef941ea90dbc7

  • SHA512

    e9433a456be4d4b95fb54f397a27bb5ff5b3767c2e7f136c306152e934bed7193a2c7e9d90286d96956919a4b1a92dd62885ef146090970010589f56531a230d

  • SSDEEP

    98304:ZDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2:ZDqPe1Cxcxk3ZAEUadzR8yc4

Malware Config

Targets

    • Target

      2024-09-20_1e05da24ee21b67a07bbcae3b185a229_wannacry

    • Size

      5.0MB

    • MD5

      1e05da24ee21b67a07bbcae3b185a229

    • SHA1

      fe2b70ec86c10a74200d97eade5f282ae139a5f1

    • SHA256

      6668ff2ee61d8d20938d8f9aefa2dfd3f441e4609a9e4a74328ef941ea90dbc7

    • SHA512

      e9433a456be4d4b95fb54f397a27bb5ff5b3767c2e7f136c306152e934bed7193a2c7e9d90286d96956919a4b1a92dd62885ef146090970010589f56531a230d

    • SSDEEP

      98304:ZDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2:ZDqPe1Cxcxk3ZAEUadzR8yc4

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3345) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks