General
-
Target
2024-09-27_1ece9057acb1564d739c539419b177c9_wannacry
-
Size
3.6MB
-
Sample
240927-vl5wjsscpl
-
MD5
1ece9057acb1564d739c539419b177c9
-
SHA1
8adea5413736cb37e4ddf6a40003246eca7fbec5
-
SHA256
0769145fbcd684ff5a1c4a42391f42a43d598cd44ba8ae3adde0c5503cde5a5b
-
SHA512
c16fe1a6c6eb7f31f6fb603bece400bd712bcf9da39011b656f814e3afd36c70b72992c2b697e98a45a0d86985f592f7e62717d123c22ced3addc59d9fa36f1a
-
SSDEEP
98304:D8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8s3R:D8qPe1Cxcxk3ZAEUadzR8sB
Malware Config
Targets
-
-
Target
2024-09-27_1ece9057acb1564d739c539419b177c9_wannacry
-
Size
3.6MB
-
MD5
1ece9057acb1564d739c539419b177c9
-
SHA1
8adea5413736cb37e4ddf6a40003246eca7fbec5
-
SHA256
0769145fbcd684ff5a1c4a42391f42a43d598cd44ba8ae3adde0c5503cde5a5b
-
SHA512
c16fe1a6c6eb7f31f6fb603bece400bd712bcf9da39011b656f814e3afd36c70b72992c2b697e98a45a0d86985f592f7e62717d123c22ced3addc59d9fa36f1a
-
SSDEEP
98304:D8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8s3R:D8qPe1Cxcxk3ZAEUadzR8sB
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3221) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Modifies file permissions
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1