Resubmissions

23-09-2024 08:02

240923-jw8jmszdrm 10

23-09-2024 07:55

240923-jr3slazdkl 10

General

  • Target

    2024-09-23_407ae9c5b340c881ea1f32f283422057_wannacry

  • Size

    3.6MB

  • Sample

    240923-jw8jmszdrm

  • MD5

    407ae9c5b340c881ea1f32f283422057

  • SHA1

    37dbd712c948a1c1a545347297bb7677234fc259

  • SHA256

    72365c4e88e9f461f930becfceb13c09901ad5fb51e96c08174357d855819710

  • SHA512

    5df17c4dccc178b2313a6365218dfdb8c916fb6dce8f2729209949d8565629da1f96b8a8c1e98d1656d837a327d7bf8ac4558ab2c4eeac1dacfa93831e194df2

  • SSDEEP

    49152:2nAQqMSPbcBVQej/OANR2Qo6SAARdhnv:yDqPoBhzOyR236SAEdhv

Targets

    • Target

      2024-09-23_407ae9c5b340c881ea1f32f283422057_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3288) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
