Overview

overview

10

Static

static

3

2024-10-12...ry.exe

windows7-x64

10

2024-10-12...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-12_b89ca188f12a0f1244da66cba3d2c85b_wannacry

  • Size

    3.6MB

  • Sample

    241012-frffhszaqn

  • MD5

    b89ca188f12a0f1244da66cba3d2c85b

  • SHA1

    46169b8c24b4534e92750b4a4b366844be2dd9bc

  • SHA256

    a447c5e10dd9cb2974f3fc0a963eb4ccc31099e6e3022718e39660e60e963fc5

  • SHA512

    975b9fc81424c3cc55b52982330b8aa468c9cab58fcaac5b7644dc77e008345584cb3b6d6c22dace1e2e32ccc4fbaa1a9dfae2096683f7470d0a9c03be4b463d

  • SSDEEP

    98304:xDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:xDqPe1Cxcxk3ZAEUadzR8yc4H

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      2024-10-12_b89ca188f12a0f1244da66cba3d2c85b_wannacry

    • Size

      3.6MB

    • MD5

      b89ca188f12a0f1244da66cba3d2c85b

    • SHA1

      46169b8c24b4534e92750b4a4b366844be2dd9bc

    • SHA256

      a447c5e10dd9cb2974f3fc0a963eb4ccc31099e6e3022718e39660e60e963fc5

    • SHA512

      975b9fc81424c3cc55b52982330b8aa468c9cab58fcaac5b7644dc77e008345584cb3b6d6c22dace1e2e32ccc4fbaa1a9dfae2096683f7470d0a9c03be4b463d

    • SSDEEP

      98304:xDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:xDqPe1Cxcxk3ZAEUadzR8yc4H

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3302) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks