General

  • Target

    2024-09-23_cb34ea0955090d2b288b0bf504a5b75f_wannacry

  • Size

    5.0MB

  • Sample

    240923-pwdl6awglk

  • MD5

    cb34ea0955090d2b288b0bf504a5b75f

  • SHA1

    e37a5974ea964fd49ac1305a4722e15790a33f31

  • SHA256

    a48785ef0fdaa1d2754a994d4780e216c890a4e64160392b6405e3a433bc2423

  • SHA512

    d1c4c75a86d821e6687650b614f9a0ba6ce9c24a6732e2d41a31820626494ebfcf2f40dd7b68f8023a03b7a458144a2be9782747e3e119374873dd9d993a94da

  • SSDEEP

    49152:QnTMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:QTPoBhz1aRxcSUDk36SAEdhv

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3299) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
