General

  • Target

    2024-09-29_7234c8b3035cfb2507f9f4bc3b605b07_wannacry

  • Size

    5.0MB

  • Sample

    240929-lzr26sygkl

  • MD5

    7234c8b3035cfb2507f9f4bc3b605b07

  • SHA1

    87e62f7d9c0dca8031169900f38778a98e815e06

  • SHA256

    0137da44864894d4342e272e70ed5f1c18f55efd64443a6cfa5a26ffdd363d72

  • SHA512

    005106d783b04b91a94248be6b46c2067bc0ef9c02622722d73e760c2e4dc836a041877c1474b1b50e4a8da61a9b2728596a21e24d6fda3e7c6fff7c47ba3b22

  • SSDEEP

    49152:2njQqMSPbcBVQej/1ISx+TSqTdX1HkQo6SAA:y8qPoBhz1bxcSUDk36SA

Targets

    • Target

      2024-09-29_7234c8b3035cfb2507f9f4bc3b605b07_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3185) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
