wannacry | c8e3cd3b48afa202c64dbeaba8b6601de20118a30b72f135c50b44c8b983a0c2 | Triage

Sharing

General

Target

2024-09-27_032b8ac455feba384216e5368c7396f4_wannacry
Size

3.6MB
Sample

240927-rp6epsygpa
MD5

032b8ac455feba384216e5368c7396f4
SHA1

bc6d598727ff4934b3d01c2995edcce58e0ae763
SHA256

c8e3cd3b48afa202c64dbeaba8b6601de20118a30b72f135c50b44c8b983a0c2
SHA512

3e062af31480db93ee1020dbad55da5ae57fce17d08f230d2554050499f80609c4742df979c95b8f968890946d321ac2e81c4868e1f284857c844e2772f26e07
SSDEEP

49152:2nAQqMSPbcBV0Qo6SAARdhavxJM0H9QMEcaEau3R8yAH1plAvyQ3R:yDqPoBO36SAEdhCxWa9J93R8yAVp2x3R

Score

10^/10

wannacry defense_evasion discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-09-27_032b8ac455feba384216e5368c7396f4_wannacry
- Size
  
  3.6MB
- MD5
  
  032b8ac455feba384216e5368c7396f4
- SHA1
  
  bc6d598727ff4934b3d01c2995edcce58e0ae763
- SHA256
  
  c8e3cd3b48afa202c64dbeaba8b6601de20118a30b72f135c50b44c8b983a0c2
- SHA512
  
  3e062af31480db93ee1020dbad55da5ae57fce17d08f230d2554050499f80609c4742df979c95b8f968890946d321ac2e81c4868e1f284857c844e2772f26e07
- SSDEEP
  
  49152:2nAQqMSPbcBV0Qo6SAARdhavxJM0H9QMEcaEau3R8yAH1plAvyQ3R:yDqPoBO36SAEdhCxWa9J93R8yAVp2x3R
Score

10^/10

wannacry defense_evasion discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3321) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Modifies file permissions
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydefense_evasiondiscoveryransomwareworm

behavioral2

wannacrydefense_evasiondiscoveryransomwareworm