General

  • Target

    2024-10-11_56bd6cd862196718e8eea6419feb7bca_wannacry

  • Size

    3.6MB

  • Sample

    241011-a1rx1s1bpm

  • MD5

    56bd6cd862196718e8eea6419feb7bca

  • SHA1

    5fe5decdace48d7ddbea3f8601a2fde00b96ed0d

  • SHA256

    d9c532357e92fa44d0353fbfe2e8418a4201542215c6dcdb0b8c452252facec0

  • SHA512

    a22b8d932bf975d371602d468190e1f0c7aadbc4dd8b7273ad5595c6d9c592766834de237fecd504d134c5a9cd981c52b4d67ea028b4542ac5c484b74c8059e0

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRPvxJMdAMEcaEau3R8yAH1plAHI:yDqPoBhz1aR3xWd593R8yAVp2HI

Targets

    • Target

      2024-10-11_56bd6cd862196718e8eea6419feb7bca_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3142) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
