wannacry | 688e4651ce8fa9cfd54f233039afa58d71bcb751ad9add2fd83561724445ba31 | Triage

Sharing

General

Target

688e4651ce8fa9cfd54f233039afa58d71bcb751ad9add2fd83561724445ba31N
Size

5.0MB
Sample

241002-267zzascmk
MD5

890e1fb886ff99ff4df11109b0f10a20
SHA1

4ebab7255d5e76fac438910c7fbfc16f2a84196c
SHA256

688e4651ce8fa9cfd54f233039afa58d71bcb751ad9add2fd83561724445ba31
SHA512

e658472cc9ff01724cfab65a38000217b3f4922194475fbab4956ab467be23a15f0c6ecb8b0e8aca21e32fa12d3c433a3c5e95e4a8ef24223e92768edf7db139
SSDEEP

49152:RnsQqBKUacBVQej/1INRx+TSqTdX1HkQo6SAAIv:1/qzfBhz1aRxcSUDk36SAV

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  688e4651ce8fa9cfd54f233039afa58d71bcb751ad9add2fd83561724445ba31N
- Size
  
  5.0MB
- MD5
  
  890e1fb886ff99ff4df11109b0f10a20
- SHA1
  
  4ebab7255d5e76fac438910c7fbfc16f2a84196c
- SHA256
  
  688e4651ce8fa9cfd54f233039afa58d71bcb751ad9add2fd83561724445ba31
- SHA512
  
  e658472cc9ff01724cfab65a38000217b3f4922194475fbab4956ab467be23a15f0c6ecb8b0e8aca21e32fa12d3c433a3c5e95e4a8ef24223e92768edf7db139
- SSDEEP
  
  49152:RnsQqBKUacBVQej/1INRx+TSqTdX1HkQo6SAAIv:1/qzfBhz1aRxcSUDk36SAV
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2400) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm