General

  • Target

    2024092416e4a0fb712cfff0f959270ee68414d0wannacry

  • Size

    3.6MB

  • Sample

    240924-1alleswflr

  • MD5

    16e4a0fb712cfff0f959270ee68414d0

  • SHA1

    aac459cff105d7d605cd606bc955a118c3eb9cee

  • SHA256

    4e383b125699fb74b8b4b85c5e47ff4ed9634b6bb7d2bb3c76345d14bf0ce747

  • SHA512

    907ff24dff74963dda6c92b82102c516080129994cd189eb89c9bfefe26b4b08de30c29ab686d108ce2a6aed89d689616f648ca5c55a3b23198e08cd3f08ed80

  • SSDEEP

    98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9PbyAVp2HI:yDqPe1Cxcxk3ZAEUadbyc4HI

Malware Config

Targets

    • Target

      2024092416e4a0fb712cfff0f959270ee68414d0wannacry

    • Size

      3.6MB

    • MD5

      16e4a0fb712cfff0f959270ee68414d0

    • SHA1

      aac459cff105d7d605cd606bc955a118c3eb9cee

    • SHA256

      4e383b125699fb74b8b4b85c5e47ff4ed9634b6bb7d2bb3c76345d14bf0ce747

    • SHA512

      907ff24dff74963dda6c92b82102c516080129994cd189eb89c9bfefe26b4b08de30c29ab686d108ce2a6aed89d689616f648ca5c55a3b23198e08cd3f08ed80

    • SSDEEP

      98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9PbyAVp2HI:yDqPe1Cxcxk3ZAEUadbyc4HI

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3350) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks