General

  • Target

    2024-10-12_7421effaa49f120c8beea4f9936d87d8_wannacry

  • Size

    3.6MB

  • Sample

    241012-d9nthawbnk

  • MD5

    7421effaa49f120c8beea4f9936d87d8

  • SHA1

    9463f656544132b9fb16235ed5977b7c5394f7ce

  • SHA256

    85302b209ba37ac7483d9c015e850562af91a60f9577db5830b607104f328726

  • SHA512

    eef29f37e6336c9a5379fa4bce6067ec0e7747d4f944317220e34df3eb29c4e6c48869400401ff1a3c926a39700244ad46b90742cafa72fbc9d302fb2d2c113d

  • SSDEEP

    98304:ZDqPoBhz1aRxcSUDkWx7QY83EKx1eKOCXcn:ZDqPe1CxcxkA7j83PxISXcn

Targets

    • Target

      2024-10-12_7421effaa49f120c8beea4f9936d87d8_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3228) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
