General

  • Target

    2024-09-27_671a4dffa8669d953cc82036333776f5_wannacry

  • Size

    2.2MB

  • Sample

    240927-vsp4nsveld

  • MD5

    671a4dffa8669d953cc82036333776f5

  • SHA1

    d0e3742d724b141290e878751a81a8750e293605

  • SHA256

    ac7daca4072f210d5066b412d394faf2928ab0387f2deea884caaaf9b00db28b

  • SHA512

    efdbf51ab271124e0381d8533cae02c1f35361860e2e5332228a6e875b9d2974e7ce820db701e2390560f492479e064dfd1f5d07687c3179946b8c9c3f953270

  • SSDEEP

    49152:QnpEKUacBVQej/1GNRx+TSqTdX1HkQo6SAARdhnvn:QpyfBhz1URxcSUDk36SAEdhvn

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3249) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
