General

  • Target

    2024-10-12_640e4d3e3f12e876ae06d9e68c99a308_wannacry

  • Size

    2.2MB

  • Sample

    241012-ej5vrsscng

  • MD5

    640e4d3e3f12e876ae06d9e68c99a308

  • SHA1

    7c8f4f6df1712d6f92642ad4e9a0d25be3eae339

  • SHA256

    1c484121926cf5051c5f81024809e315bd05fcb0308de91848f53f14d69fa3e5

  • SHA512

    0909688bcb042581383990e61264ba36918f3853a69c2185b2e51345cc8e302cb184be3038dee88dc773b29b46c9fa7823365996607e85f16609ab744c249c27

  • SSDEEP

    49152:QnpEjbcBVQej31sNRx+TSqTdX1HkQo6SAARdh:QpUoBhT1+RxcSUDk36SAEdh

Malware Config

Targets

    • Target

      2024-10-12_640e4d3e3f12e876ae06d9e68c99a308_wannacry

    • Size

      2.2MB

    • MD5

      640e4d3e3f12e876ae06d9e68c99a308

    • SHA1

      7c8f4f6df1712d6f92642ad4e9a0d25be3eae339

    • SHA256

      1c484121926cf5051c5f81024809e315bd05fcb0308de91848f53f14d69fa3e5

    • SHA512

      0909688bcb042581383990e61264ba36918f3853a69c2185b2e51345cc8e302cb184be3038dee88dc773b29b46c9fa7823365996607e85f16609ab744c249c27

    • SSDEEP

      49152:QnpEjbcBVQej31sNRx+TSqTdX1HkQo6SAARdh:QpUoBhT1+RxcSUDk36SAEdh

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3095) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks