General

  • Target

    2024-10-11_f4655e2e4121e30ca1880efe36a5ac0d_wannacry

  • Size

    3.6MB

  • Sample

    241011-evlahazfmr

  • MD5

    f4655e2e4121e30ca1880efe36a5ac0d

  • SHA1

    99cce2e75d9a22a8a143fa67380aa32b766c0b40

  • SHA256

    e928f90bdf9307df76d90a153a6d1896e6def211be0b2cfef6fbdf28b8494cc4

  • SHA512

    458e71bbbcc225f7ffb26a1c775f746cc545a666a95c12a98dc3d8db4e4394dc93435da96060a71d9975a062a6fcce364853078856b082e8f2ae4e9a472231cb

  • SSDEEP

    98304:I8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:I8qPe1Cxcxk3ZAEUadzR8yc4H

Targets

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3149) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Drops file in Drivers directory

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
