wannacry | 629e77071d503be5f254a2de3f6593283effa30a83dd30e0693c9c7c018c2fd8 | Triage

Sharing

General

Target

2024-09-27_49225b2ccfaa2e7eb176bc3a2ade8cc1_wannacry
Size

3.6MB
Sample

240927-vphkessdkp
MD5

49225b2ccfaa2e7eb176bc3a2ade8cc1
SHA1

1bba4c0ce92878b089e435a3e90f227f37f0dcb0
SHA256

629e77071d503be5f254a2de3f6593283effa30a83dd30e0693c9c7c018c2fd8
SHA512

15f2b14f729075c3a0a5115e3760bd07d2ccc0791dafdfa2ad348ede491841394b4515d17430b3bc0ea6cd1f24d9b37045c969f23e29c0441494da8bc2b472e7
SSDEEP

49152:wnAQqMSPbcBVPINRx+TSqTduxJM0H9PAMEcaEau3R8yAH1plAHMHV:wDqPoBRaRxcSUUxWa9P593R8yAVp2HI

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  2024-09-27_49225b2ccfaa2e7eb176bc3a2ade8cc1_wannacry
- Size
  
  3.6MB
- MD5
  
  49225b2ccfaa2e7eb176bc3a2ade8cc1
- SHA1
  
  1bba4c0ce92878b089e435a3e90f227f37f0dcb0
- SHA256
  
  629e77071d503be5f254a2de3f6593283effa30a83dd30e0693c9c7c018c2fd8
- SHA512
  
  15f2b14f729075c3a0a5115e3760bd07d2ccc0791dafdfa2ad348ede491841394b4515d17430b3bc0ea6cd1f24d9b37045c969f23e29c0441494da8bc2b472e7
- SSDEEP
  
  49152:wnAQqMSPbcBVPINRx+TSqTduxJM0H9PAMEcaEau3R8yAH1plAHMHV:wDqPoBRaRxcSUUxWa9P593R8yAVp2HI
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3286) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm