General

  • Target

    2024-09-29_342bfeda02c1e8d47a8bd4dd6cc6e99e_wannacry

  • Size

    5.0MB

  • Sample

    240929-dygaaayajn

  • MD5

    342bfeda02c1e8d47a8bd4dd6cc6e99e

  • SHA1

    8bebf2c98f9fda20507d592b92867d178a55d8c7

  • SHA256

    108fa5f2d75754e2c1bd7700c152e1f295541af5f1fe186214d307ef6703d541

  • SHA512

    3e6407498b7c2208b70f0c85a78af17b9fca8e8978969c00c4f19db60016fd7b4f37f535f47bc91f17717a5096079b121c909bf2ba1c75e773ff8d92ee23930d

  • SSDEEP

    98304:SDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2Hq:SDqPe1Cxcxk3ZAEUadzR8yc4Hq

Targets

    • Target

      2024-09-29_342bfeda02c1e8d47a8bd4dd6cc6e99e_wannacry

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3190) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Drops file in Drivers directory

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
