General

  • Target

    2024-10-12_3919290de39a60c322117b85694079f3_wannacry

  • Size

    3.6MB

  • Sample

    241012-dy9xla1ald

  • MD5

    3919290de39a60c322117b85694079f3

  • SHA1

    de79d45ab7fc158101bb3ad343946c58144986be

  • SHA256

    e4d4785dc56c7d6c06c41d05ee240b3dda4e374674f3846faba95b945600f732

  • SHA512

    da0c27257d4e9b6b93a25621cb9f4cda393c334bce22efc1483d1344d29526c7207ce5e8056ae605353637655c9dd5ffc4aed8648f1ba3ff04831beb257b3662

  • SSDEEP

    98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2Fbx:XDqPe1Cxcxk3ZAEUadzR8yc4Fbx

Targets

    • Target

      2024-10-12_3919290de39a60c322117b85694079f3_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3168) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
