Overview

overview

10

Static

static

3

2024-09-27...ry.exe

windows7-x64

10

2024-09-27...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-09-27_79fe6a3e50c8306265c37f14329f47b2_wannacry

  • Size

    3.6MB

  • Sample

    240927-vrjv9ssdpn

  • MD5

    79fe6a3e50c8306265c37f14329f47b2

  • SHA1

    35530cc1ec307d7e97599a393babd3555d199441

  • SHA256

    c551fe1868882b3ca6ca647d6ba57f7ed4090e4e0efcd41f39f4fd5c169ac0fa

  • SHA512

    1590d79a10c696bc24b08519e23dccf517824b32318928fb1571456c5c4f8ba1e880f815c085c983da9767eda2850077e53fdb553bc3354c87d5b1e90669f8e1

  • SSDEEP

    49152:hnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:FDqPoBhz1aRxcSUDk36SA

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      2024-09-27_79fe6a3e50c8306265c37f14329f47b2_wannacry

    • Size

      3.6MB

    • MD5

      79fe6a3e50c8306265c37f14329f47b2

    • SHA1

      35530cc1ec307d7e97599a393babd3555d199441

    • SHA256

      c551fe1868882b3ca6ca647d6ba57f7ed4090e4e0efcd41f39f4fd5c169ac0fa

    • SHA512

      1590d79a10c696bc24b08519e23dccf517824b32318928fb1571456c5c4f8ba1e880f815c085c983da9767eda2850077e53fdb553bc3354c87d5b1e90669f8e1

    • SSDEEP

      49152:hnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:FDqPoBhz1aRxcSUDk36SA

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3239) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks