General

  • Target

    2024-09-23_805037e703c6da6193619e142ab5814e_wannacry

  • Size

    5.0MB

  • Sample

    240923-p7zzjazhmb

  • MD5

    805037e703c6da6193619e142ab5814e

  • SHA1

    a665331fe49d17b030d02e4010d592154e031ab4

  • SHA256

    644e69842dc717c1e7a0266071840a1506716b0b60510af1be22c8b01ef5dda3

  • SHA512

    5de8249b7b7d9b035c10b8d42aad3cbc32b1aab033c45b2f6a1787a496748cb79a360af7dcc681e804b97c90a736ee7f232fe0496d751683c7bc36c71e35a71b

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:yDqPoBhz1aRxcSUDk36SAEdhvxWa9

Malware Config

Targets

    • Target

      2024-09-23_805037e703c6da6193619e142ab5814e_wannacry

    • Size

      5.0MB

    • MD5

      805037e703c6da6193619e142ab5814e

    • SHA1

      a665331fe49d17b030d02e4010d592154e031ab4

    • SHA256

      644e69842dc717c1e7a0266071840a1506716b0b60510af1be22c8b01ef5dda3

    • SHA512

      5de8249b7b7d9b035c10b8d42aad3cbc32b1aab033c45b2f6a1787a496748cb79a360af7dcc681e804b97c90a736ee7f232fe0496d751683c7bc36c71e35a71b

    • SSDEEP

      49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:yDqPoBhz1aRxcSUDk36SAEdhvxWa9

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3239) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks