General

  • Target

    2024-10-11_c2f5fb0ea897caa409f44c28c20449bb_wannacry

  • Size

    5.0MB

  • Sample

    241011-rpyd4asank

  • MD5

    c2f5fb0ea897caa409f44c28c20449bb

  • SHA1

    d3be17cb9a064f1a42baa7e23136c5ad35daed50

  • SHA256

    84cfbbfa3a2685b4fbf9558a3ab91df23b6da7169c324441b49136f385f4e812

  • SHA512

    7cc759d285d13857e9682de3cf84d16a6ab4d9b97df376203232df2fdc480dd43e42f0bb643e8fa14cc71db42488b79713374541651968baba531644bee0254d

  • SSDEEP

    98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAw2:Z8qPe1Cxcxk3ZAEUadzR8y

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3237) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
