General

  • Target

    2024-10-12_71ec4e703fc939b894dade629e671f55_wannacry

  • Size

    3.6MB

  • Sample

    241012-d9alwawbln

  • MD5

    71ec4e703fc939b894dade629e671f55

  • SHA1

    51b7bf5fa8fc69b92d26a84f5373ca6e5ecca7eb

  • SHA256

    2ef401da8d28c27b4886d7f03f971c6ab456f10cd9f69ae54871a5548e0ab069

  • SHA512

    1a744425ae16400905d809bc18753b034a6c6d2ab95f1e2cc830c2a3b6e16d85c240828dd3e8353bf55ee07c9487ac5494c5e473bd8611951eaf213e20da5918

  • SSDEEP

    98304:6DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:6DqPe1Cxcxk3ZAEUadzR8yc4H

Targets

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3345) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
