wannacry | a4a02294c6ab9006918383f123ae097fa0bd60dcd3e88babf2e15bf10524cb4d | Triage

Sharing

General

Target

2024-10-09_8c70294728b13931c2f352ec05a06954_wannacry
Size

5.0MB
Sample

241009-rjkwta1ckf
MD5

8c70294728b13931c2f352ec05a06954
SHA1

a93cdf58d4ddfe69e4b40a237b0979027c795db8
SHA256

a4a02294c6ab9006918383f123ae097fa0bd60dcd3e88babf2e15bf10524cb4d
SHA512

9a5bdb36c281a338e2bc3619501df8740857b58911d19986f6e0f80f10813d25f053f0060195e7ab849a9dd0d81fb8e368f6df798565f1c07a03153f2f29e7f8
SSDEEP

49152:wnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:wDqPoBhz1aRxcSUDk36SA

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  2024-10-09_8c70294728b13931c2f352ec05a06954_wannacry
- Size
  
  5.0MB
- MD5
  
  8c70294728b13931c2f352ec05a06954
- SHA1
  
  a93cdf58d4ddfe69e4b40a237b0979027c795db8
- SHA256
  
  a4a02294c6ab9006918383f123ae097fa0bd60dcd3e88babf2e15bf10524cb4d
- SHA512
  
  9a5bdb36c281a338e2bc3619501df8740857b58911d19986f6e0f80f10813d25f053f0060195e7ab849a9dd0d81fb8e368f6df798565f1c07a03153f2f29e7f8
- SSDEEP
  
  49152:wnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:wDqPoBhz1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3236) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm