General

  • Target

    2024-10-11_1d7c6e871159b6b01072cebe683b955a_nymaim_wannacry

  • Size

    2.4MB

  • Sample

    241011-srwhysygrc

  • MD5

    1d7c6e871159b6b01072cebe683b955a

  • SHA1

    dcf5f38e71aec895fc1c9f97548daf7201fc7275

  • SHA256

    d13f287506b003c20bc36ef96e67b335869b11d88ead5d7e6ec14e2b0366912d

  • SHA512

    47678355c11c7552dccebafafac5cda705169bde83d0bbc165dffdb73c22423686848e700cd8236f2b5e5baf5973f9e17eb4eafe30b7f24e277ca40a649dcb3b

  • SSDEEP

    49152:7npEKUacBVQej/1INRx+TSqTdX1HkQo6SAARdhnvXiHgYk6:LpyfBhz1aRxcSUDk36SAEdhvXiHgYk

Targets

    • Target

      2024-10-11_1d7c6e871159b6b01072cebe683b955a_nymaim_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (2423) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Drops file in Drivers directory

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • Drops file in System32 directory
