General

  • Target

    2024-10-06_3b7c1bf405c41bf766ec302bc31117cc_wannacry

  • Size

    5.0MB

  • Sample

    241006-mwwfvszdnp

  • MD5

    3b7c1bf405c41bf766ec302bc31117cc

  • SHA1

    c77a74b8b28ebdd4b73a072dea16230fa38e63bc

  • SHA256

    05a6e6b1b0de306d5228a73dafc237e0b05e43184258a6b68b29fe0f564282d3

  • SHA512

    1af72fc72b0a49bb785f298a980d09000756390a4bbd53634444a8f70d0b2e63b2acac5d4ce6d63bbe8fd2dac19ea174919eb0f64fcdc491deaf035774aaa052

  • SSDEEP

    98304:GDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2Hf:GDqPe1Cxcxk3ZAEUadzR8yc4Hf

Malware Config

Targets

    • Target

      2024-10-06_3b7c1bf405c41bf766ec302bc31117cc_wannacry

    • Size

      5.0MB

    • MD5

      3b7c1bf405c41bf766ec302bc31117cc

    • SHA1

      c77a74b8b28ebdd4b73a072dea16230fa38e63bc

    • SHA256

      05a6e6b1b0de306d5228a73dafc237e0b05e43184258a6b68b29fe0f564282d3

    • SHA512

      1af72fc72b0a49bb785f298a980d09000756390a4bbd53634444a8f70d0b2e63b2acac5d4ce6d63bbe8fd2dac19ea174919eb0f64fcdc491deaf035774aaa052

    • SSDEEP

      98304:GDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2Hf:GDqPe1Cxcxk3ZAEUadzR8yc4Hf

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3323) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks