General

  • Target

    2024-10-10_dcea2274b80b5099957c6c54c199a578_wannacry

  • Size

    3.6MB

  • Sample

    241011-akl2tszckj

  • MD5

    dcea2274b80b5099957c6c54c199a578

  • SHA1

    06b41de1cba81dad00346f1cef67655c8d379d16

  • SHA256

    c478bfc955cb24c2be11c1bead605a67007b1ed8098b457ab96ed594b1406eb0

  • SHA512

    fd6788b6f995c42b1b0027b57e220735ec01f4308127be4f61f5eb7f72f1fc80f5fe0473cc1beab53c0d8325d149a4c9b8aad97fa4f7b8c398c4e986ce72686c

  • SSDEEP

    24576:XbLgddQhfdmMSirYbc2vY/7Fh25/AcVA:XnAQqMSPbc2vY2ZAOA

Targets

    • Target

      2024-10-10_dcea2274b80b5099957c6c54c199a578_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3106) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
