wannacry | 9357f14302ac884843690cb757c22dc29842fc364d10555abbbf2cccdef62406 | Triage

Sharing

General

Target

9357f14302ac884843690cb757c22dc29842fc364d10555abbbf2cccdef62406N
Size

5.0MB
Sample

241004-ydcrksxbmc
MD5

1ad50dfabb7bd22fa667ade85c9a0d20
SHA1

1254e620f00150698ffa2ce13d0e95c8be3a3145
SHA256

9357f14302ac884843690cb757c22dc29842fc364d10555abbbf2cccdef62406
SHA512

1193e57c7351e0e773535304f3f201453b4e50887f8dafaaea25e33415524cca8980289100aa17019c11fbf9efcc76ac95b1a6a7009fab67b445b0d75f504f16
SSDEEP

49152:XnAQqMSPbcAQej/1INRx+TSqTdX1HkQo6SAA:XDqPooz1aRxcSUDk36SA

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  9357f14302ac884843690cb757c22dc29842fc364d10555abbbf2cccdef62406N
- Size
  
  5.0MB
- MD5
  
  1ad50dfabb7bd22fa667ade85c9a0d20
- SHA1
  
  1254e620f00150698ffa2ce13d0e95c8be3a3145
- SHA256
  
  9357f14302ac884843690cb757c22dc29842fc364d10555abbbf2cccdef62406
- SHA512
  
  1193e57c7351e0e773535304f3f201453b4e50887f8dafaaea25e33415524cca8980289100aa17019c11fbf9efcc76ac95b1a6a7009fab67b445b0d75f504f16
- SSDEEP
  
  49152:XnAQqMSPbcAQej/1INRx+TSqTdX1HkQo6SAA:XDqPooz1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (2469) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm