General

  • Target

    2024-09-23_0eda907285c2f7c50aefe1bd98e60490_wannacry

  • Size

    5.0MB

  • Sample

    240923-pll6jswenk

  • MD5

    0eda907285c2f7c50aefe1bd98e60490

  • SHA1

    358d56f9ff98ce04ece183a0c32e02dc573a615b

  • SHA256

    7f880e0dbb223e09202984067cc46434461bb5f0816c422c156a6fb2d139408c

  • SHA512

    152e1296c942f8b07868cf17e15fa87b95ad977c9831aabd1b608d4d3ee71c252cb7f9b396127642f79f10e2c18be2a814b8e35911f92ea48e2f9d97481599d3

  • SSDEEP

    98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9PbyAVp2H:yDqPe1Cxcxk3ZAEUadbyc4H

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3275) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks