General

  • Target

    20240921b95243220aa617693473607bc19abb96wannacry

  • Size

    5.0MB

  • Sample

    240921-t478yssfjl

  • MD5

    b95243220aa617693473607bc19abb96

  • SHA1

    76b44dcd892631abf333f2af974e31050904c5d1

  • SHA256

    b63dc254747411d06eba34643943a32b0fe5feaca4163601cd0e1e3adcbd7b02

  • SHA512

    f502eb2e4a09cb553006acc011ed608a4bdeb3adacf588ffec1d09657404a430de20dff54751013b4e38422dfa0655a635adef4d38ea97a78c936f40b0c9773d

  • SSDEEP

    98304:yDqPolz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:yDqPw1Cxcxk3ZAEUadzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3316) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
