wannacry | 63dd1f3fea9f40c5fa316ac32d1cd772e3ea0e85025c80c609530e2d30f50a08 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-10-12...ry.exe

windows7-x64

2024-10-12...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-10-12_a7629162d9ba17e903cfe0eb0068fba0_wannacry
Size

3.6MB
Sample

241012-ff1bjsydnn
MD5

a7629162d9ba17e903cfe0eb0068fba0
SHA1

338db4ee5e5adb1402cc0d482da7c2616c034c67
SHA256

63dd1f3fea9f40c5fa316ac32d1cd772e3ea0e85025c80c609530e2d30f50a08
SHA512

013ff333dcea2be0b8efba0a1bf1fc5bdaf20e77f5484aa399717bc52397b685ed71b93a4c50dc0a0a2b2dbce8674875c9eaca2b655084f8685ae718a3ec8d86
SSDEEP

24576:2bLgddQhfdmMSirYbcMNgef0NSk+RdhAdmv:2nAQqMSPbcBVNARdhnv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-10-12_a7629162d9ba17e903cfe0eb0068fba0_wannacry.exe

Resource

win7-20241010-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-10-12_a7629162d9ba17e903cfe0eb0068fba0_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-10-12_a7629162d9ba17e903cfe0eb0068fba0_wannacry
- Size
  
  3.6MB
- MD5
  
  a7629162d9ba17e903cfe0eb0068fba0
- SHA1
  
  338db4ee5e5adb1402cc0d482da7c2616c034c67
- SHA256
  
  63dd1f3fea9f40c5fa316ac32d1cd772e3ea0e85025c80c609530e2d30f50a08
- SHA512
  
  013ff333dcea2be0b8efba0a1bf1fc5bdaf20e77f5484aa399717bc52397b685ed71b93a4c50dc0a0a2b2dbce8674875c9eaca2b655084f8685ae718a3ec8d86
- SSDEEP
  
  24576:2bLgddQhfdmMSirYbcMNgef0NSk+RdhAdmv:2nAQqMSPbcBVNARdhnv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3146) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy