General

  • Target

    2024-10-05_1e8f62d55821a5e78700ec5b63f04283_wannacry

  • Size

    3.6MB

  • Sample

    241005-lffj2axfkj

  • MD5

    1e8f62d55821a5e78700ec5b63f04283

  • SHA1

    b4f713f912c018fa9ab8a2cfd57537715ab9c92e

  • SHA256

    c4ffae0f619877104eebc00210978f0c283ee4d08f41af3d2f7436d3f7aa5f17

  • SHA512

    6da36680f831a476b97034c2c6fba2bfbc30fc78a0731e51a71b182bec9b181c69098e197f19a951af58ca02284885b9d94fbd877cca1b7bbd24d5fc5462bc14

  • SSDEEP

    49152:XnAQqtKUacBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:XDqPfBhz1aRxcSUDk36SAEdhv

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3167) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
