General

  • Target

    2024-10-12_461f9afd1c9020f07c2ec68122c6cd08_wannacry

  • Size

    3.6MB

  • Sample

    241012-d4n73svhjn

  • MD5

    461f9afd1c9020f07c2ec68122c6cd08

  • SHA1

    5644f50783e679c9e1bf7de5d78f24eb155809da

  • SHA256

    e0f034bcd89b1ac1018deebcdad5ac28a4f329e478773bb89e1a1fc6d2a5871d

  • SHA512

    01b693991d65096b1ccd7989ae17d6d7eaff611525cb45b0012fe99f1128028571a6a30131222bfd032d79909265249a3ab9d4622055391176fc0ce13f19a23c

  • SSDEEP

    98304:ZDqPob1aRxcSUDk36SAovxWa9P593R8yAVp2HI:ZDqPu1Cxcxk3ZALadzR8yc4HI

Targets

    • Target

      2024-10-12_461f9afd1c9020f07c2ec68122c6cd08_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3196) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
