General

  • Target

    2024-09-24_a8d7536f6de752058aaa0aebd72e228d_wannacry

  • Size

    5.0MB

  • Sample

    240924-lpfldszbrp

  • MD5

    a8d7536f6de752058aaa0aebd72e228d

  • SHA1

    76a5c61ddeccda5d1fb11c4e7d08bfa939bf34bc

  • SHA256

    6e3111878472c2c6380d1625ac84af9cde7c598bd3eda53fbad9d4022012d60a

  • SHA512

    e48f513732660032579b54893bb878114d3ee970ee09de71d2213bbb3baa139d9a9d0125d9f7683d41a0367d8faead2f56894b3f9d5a0267fa86e82bd7a397ed

  • SSDEEP

    98304:XDmPoBhuRxcSUDk36SAEdhvxWa9P593R8yAVp2:XDmPTxcxk3ZAEUadzR8yc4

Malware Config

Targets

    • Target

      2024-09-24_a8d7536f6de752058aaa0aebd72e228d_wannacry

    • Size

      5.0MB

    • MD5

      a8d7536f6de752058aaa0aebd72e228d

    • SHA1

      76a5c61ddeccda5d1fb11c4e7d08bfa939bf34bc

    • SHA256

      6e3111878472c2c6380d1625ac84af9cde7c598bd3eda53fbad9d4022012d60a

    • SHA512

      e48f513732660032579b54893bb878114d3ee970ee09de71d2213bbb3baa139d9a9d0125d9f7683d41a0367d8faead2f56894b3f9d5a0267fa86e82bd7a397ed

    • SSDEEP

      98304:XDmPoBhuRxcSUDk36SAEdhvxWa9P593R8yAVp2:XDmPTxcxk3ZAEUadzR8yc4

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3238) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks