General

  • Target

    2024-09-25_fe5072ac417a83f57144ba1d495978dc_wannacry

  • Size

    5.0MB

  • Sample

    240925-l6gj1ssfmf

  • MD5

    fe5072ac417a83f57144ba1d495978dc

  • SHA1

    f603a57fccd345ec07aaa222296215a0a89b5fb4

  • SHA256

    87b999f41b6503e280b7ab292737de2fb2cf0b35da1e02cbfafde20671690dad

  • SHA512

    47811d8cdc9114d6001c3793ac36ae91fd400584c4a7c34c0ee186fda136a7a891effa609a53c7d47cdff247f4c1bb77c3c881b6580737ab54b47b549a52d6a2

  • SSDEEP

    49152:XnAQqMSPbcBVQej/1INfrHV7YoG/QCnV:XDqPoBhz1a1Yod8V

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3232) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
