General

  • Target

    2024-10-12_915818dbd2a3607d616290bf37b95ae4_wannacry

  • Size

    2.2MB

  • Sample

    241012-ejyrfswglk

  • MD5

    915818dbd2a3607d616290bf37b95ae4

  • SHA1

    3fcda20ba630eb7f487c4243d629d3787caaa52a

  • SHA256

    f1f1d497b27e3547f467faa001ce872f102c0fbb43b04cc139e7529eb90835fa

  • SHA512

    c9926197fc4d9c5af288c7a1628e9004b3839418159fbc1a64a601050f05ab15e56984632e22d9a171559c2c6b396cc4716200a0fb6939c9197721f5c5dce776

  • SSDEEP

    49152:QnnMSPbcBVQej/1INRx+TSqTdd1HkQo6SAARdh:QnPoBhz1aRxcSUZk36SAEdh

Targets

    • Target

      2024-10-12_915818dbd2a3607d616290bf37b95ae4_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3210) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
