General

  • Target

    2024-09-25_548980a80b5773f7d67b3694aeed9383_wannacry

  • Size

    5.0MB

  • Sample

    240925-ltd85a1hrb

  • MD5

    548980a80b5773f7d67b3694aeed9383

  • SHA1

    c4d2f84e603cbd12bfc8c47a29ca97a1a6271525

  • SHA256

    ac979d78ccdba5fc517f937030995a0e5c498ec25631de5f00c6b92f0b107f22

  • SHA512

    2422619abbca10f4d4f57a0eb839e32e6698e55c795694fa364c1d3315646bfb0a24896e36fa6087c4713df253167fe5cec126685f8b608593b608c4c292ab61

  • SSDEEP

    49152:2nAQqMSPbcBVQejU+TSqTdX1HkQo6SAANvc:yDqPoBhwcSUDk36SA

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3222) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
