General

  • Target

    2024-10-12_0c3e3914187c46936dc91613e1db792e_wannacry

  • Size

    3.6MB

  • Sample

    241012-dcy8zatbnl

  • MD5

    0c3e3914187c46936dc91613e1db792e

  • SHA1

    d1a536f1f26916652187766751c8dd878f857d35

  • SHA256

    11c5e2215cdfde0136f8e066edfd3a1781323f87aeee33075c7792d7eedafb5f

  • SHA512

    3f2aa6ee8a2f348cdda43f25c4abc043fa54ae34dc28e774a76e39834cfdf59ca4ade794d191d84815b833204652270d7e0d8d528b458c8c3b5e3c22e9fbe759

  • SSDEEP

    49152:/nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:PDqPoBhz1aRxcSUDk36SA

Targets

    • Target

      2024-10-12_0c3e3914187c46936dc91613e1db792e_wannacry

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3189) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
