General

  • Target

    2024-09-27_0e0815e51fc07dca36d2d4f79f067f88_wannacry

  • Size

    3.6MB

  • Sample

    240927-m44r7ssakd

  • MD5

    0e0815e51fc07dca36d2d4f79f067f88

  • SHA1

    8001c4ecc10d4dc0316c52d43524e48c56db33ba

  • SHA256

    25d74725e84fb3dbf926ca541b085a66d40467fc8e6c9b15cebb225a3e190942

  • SHA512

    bba7af9f6033745d877c9c3a2c3c9dfb6f03631a060dd6c5647d3f38fa2d66f87c0999e2c517617006976fa12fd64bfc0a247372ed77e1ffdfb24af3d7afc2ca

  • SSDEEP

    98304:XDqPoBhz1aRxcSUDk36SAEdhNh8R3enz5yMy5KUfVRX/YXJ/Ho0IUGL0uL:XDqPe1Cxcxk3ZAEP8R3A5y35jNRvYXJo

Targets

    • Target

      2024-09-27_0e0815e51fc07dca36d2d4f79f067f88_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3306) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
