General

  • Target

    2024-09-23_6799532f6271eb4f670ffbd22c1c33cb_wannacry

  • Size

    5.0MB

  • Sample

    240923-ppz7kszeja

  • MD5

    6799532f6271eb4f670ffbd22c1c33cb

  • SHA1

    f4abf7f57a00b7c33b45a8cd4086e7958915d779

  • SHA256

    902368b4b1713980895725102437d013420fe0dba9fa5011660aee1e7b1a2ffb

  • SHA512

    6debe0f93f5e5af67dcc8cd5ac161cb507d9ae74cab2ac54d393c7abed177d5886e698ff79736c22967b23f5f0daa8fcf29bcd6a7603c2f8fa6c839ed76cd494

  • SSDEEP

    49152:XnAQqMSPbcBVQej/1INR+ktYMcTh8Yab3P62asCIJ/bEu:XDqPoBhz1aR+ktYBTCY2y2avY/gu

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3317) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
