General

  • Target

    2024-09-24_6da447e2d8b91aae7fc416d0fe34c598_wannacry

  • Size

    3.6MB

  • Sample

    240924-wbe3tawdlm

  • MD5

    6da447e2d8b91aae7fc416d0fe34c598

  • SHA1

    bf95af17d8f25629613594f38a352d178a50eda5

  • SHA256

    d78f3c65fc376d675af5c47382a191efdbeacd577b343f7a458fd0e18f7c9831

  • SHA512

    4158fe5a35144acb3fc5dc9d9d1dc8410e0d9713b16692bf003b0ada02874d8e1353b99d62d3d9516f3ac97c6b102bf5a753f4352eeeb9699cbce5f45acb5129

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9LEau:yDqPoBhz1aRxcSUDk36SAEdhvxWa9y

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3305) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
