wannacry | 309c2a71f9b7cae1a9862d8b63c8de6066ea585dd1fbad10142aabdd8375fb96 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-09-27...ry.exe

windows7-x64

2024-09-27...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-09-27_849ab6d8a1b0c28e3308b2ac04cad21a_wannacry
Size

3.6MB
Sample

240927-vtwylsselk
MD5

849ab6d8a1b0c28e3308b2ac04cad21a
SHA1

07f479be9e8b4c6a69bd85c934065ca14d75480a
SHA256

309c2a71f9b7cae1a9862d8b63c8de6066ea585dd1fbad10142aabdd8375fb96
SHA512

db50f9c46645c9bae1928623b8f6218dc0d99824a343581abc92267402f4ed4481616bc12d47b434377fc127561e10d364fc9d0e85228b4fa7ed72da2a5126e4
SSDEEP

49152:2nAQqM/Qej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9LVvI:yDqcz1aRxcSUDk36SAEdhvxWa9S

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-09-27_849ab6d8a1b0c28e3308b2ac04cad21a_wannacry.exe

Resource

win7-20240708-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-09-27_849ab6d8a1b0c28e3308b2ac04cad21a_wannacry.exe

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-09-27_849ab6d8a1b0c28e3308b2ac04cad21a_wannacry
- Size
  
  3.6MB
- MD5
  
  849ab6d8a1b0c28e3308b2ac04cad21a
- SHA1
  
  07f479be9e8b4c6a69bd85c934065ca14d75480a
- SHA256
  
  309c2a71f9b7cae1a9862d8b63c8de6066ea585dd1fbad10142aabdd8375fb96
- SHA512
  
  db50f9c46645c9bae1928623b8f6218dc0d99824a343581abc92267402f4ed4481616bc12d47b434377fc127561e10d364fc9d0e85228b4fa7ed72da2a5126e4
- SSDEEP
  
  49152:2nAQqM/Qej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9LVvI:yDqcz1aRxcSUDk36SAEdhvxWa9S
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3310) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2025

Terms | Privacy