General

  • Target

    2024-09-25_d760d731f0a4d0350388f398076ba4a3_wannacry

  • Size

    5.0MB

  • Sample

    240925-l3bjlayhnn

  • MD5

    d760d731f0a4d0350388f398076ba4a3

  • SHA1

    322aaa718eaa55672493cd1eaea7fdb1d2099149

  • SHA256

    e44f080cb3b9c063f7445214f91ab3aa6bd8d78e916f19ae25784ae1cd14ff21

  • SHA512

    c2a801c8ef1389d84629cf19a551a6cc65cecd1a47ff9ed7743303e242459af238337559e49316ebf484081118c9bdc529999bf0f818c4ab2eb6ea2bdcbc53f5

  • SSDEEP

    49152:VnjQqMSPbcBV8Rx+TSqTdX1HkQo6SAARdhnvEAME:Z8qPoBeRxcSUDk36SAEdhvE5

Targets

    • Target

      2024-09-25_d760d731f0a4d0350388f398076ba4a3_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3256) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
