wannacry | 0a9871e01a9ef03a53c22bcc4eda250b74b319b96c85b3ecd8d90d997afd429a | Triage

Sharing

General

Target

0a9871e01a9ef03a53c22bcc4eda250b74b319b96c85b3ecd8d90d997afd429aN
Size

5.0MB
Sample

240930-zxr62syhkh
MD5

9f6f1b47b3ba1cbee37b5f9f0e38a270
SHA1

3c2f71c605ae76801e17ac290e81e62287a507c6
SHA256

0a9871e01a9ef03a53c22bcc4eda250b74b319b96c85b3ecd8d90d997afd429a
SHA512

5a69adf6cb5a529cd0cfe646b0fc1afacdaa29df0fd73a07f402bbf2f56198647ac02c0dcf428772ffb6ec2685a69d2f1572875c480de9dc67ada5204a699f3d
SSDEEP

98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P59+AVp2H:d8qPe1Cxcxk3ZAEUadic4H

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  0a9871e01a9ef03a53c22bcc4eda250b74b319b96c85b3ecd8d90d997afd429aN
- Size
  
  5.0MB
- MD5
  
  9f6f1b47b3ba1cbee37b5f9f0e38a270
- SHA1
  
  3c2f71c605ae76801e17ac290e81e62287a507c6
- SHA256
  
  0a9871e01a9ef03a53c22bcc4eda250b74b319b96c85b3ecd8d90d997afd429a
- SHA512
  
  5a69adf6cb5a529cd0cfe646b0fc1afacdaa29df0fd73a07f402bbf2f56198647ac02c0dcf428772ffb6ec2685a69d2f1572875c480de9dc67ada5204a699f3d
- SSDEEP
  
  98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P59+AVp2H:d8qPe1Cxcxk3ZAEUadic4H
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2461) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm