General

  • Target

    2024-09-26_50da0f64d895b4555e668c1362df946f_wannacry

  • Size

    5.0MB

  • Sample

    240926-l4rxzatgqa

  • MD5

    50da0f64d895b4555e668c1362df946f

  • SHA1

    bd74958ec93029ecfcca361f3ca8110b37915712

  • SHA256

    18ef00980c8ba3d354695b81e823b6dbe400ce017ae381107bd3824e54990253

  • SHA512

    7f6a19281c4fa9830c26ef8d6b4f6dfbd9534c41988b3e462fb7ad2ed2329c17596c990ac254ec1e3e03f56f88c819fb41b48b9d2c7d546bb7c5ddea139e8cf3

  • SSDEEP

    12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7Tw+K+DHeQYSUjEXFh:2bLgddQhfdmMSirYbcMNgef0QeQjG

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3345) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
