wannacry | 76fc84ecb5a3819becd6def2023425f9c2367e8371a380c45667e2a7bd4e074d | Triage

Sharing

General

Target

2024-10-14_ba9521539303ec74666b7d6708f1183f_wannacry
Size

5.0MB
Sample

241014-tfn56stajd
MD5

ba9521539303ec74666b7d6708f1183f
SHA1

7515d1267c30d185304b0bb957f0583862cb8d7e
SHA256

76fc84ecb5a3819becd6def2023425f9c2367e8371a380c45667e2a7bd4e074d
SHA512

e655af428469498b7dffb31dbce84b361521cf45edf05217f36e6a8b4f0fc7704af641e236ce1e8157bd0ae9816cb67ff71047e6ff7c0b1377e993338ea8631e
SSDEEP

49152:9njQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SOMEcaEau3R8yAH1plAH:x8qPoBhz1aRxcSUDk36Sf93R8yAVp2H

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  2024-10-14_ba9521539303ec74666b7d6708f1183f_wannacry
- Size
  
  5.0MB
- MD5
  
  ba9521539303ec74666b7d6708f1183f
- SHA1
  
  7515d1267c30d185304b0bb957f0583862cb8d7e
- SHA256
  
  76fc84ecb5a3819becd6def2023425f9c2367e8371a380c45667e2a7bd4e074d
- SHA512
  
  e655af428469498b7dffb31dbce84b361521cf45edf05217f36e6a8b4f0fc7704af641e236ce1e8157bd0ae9816cb67ff71047e6ff7c0b1377e993338ea8631e
- SSDEEP
  
  49152:9njQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SOMEcaEau3R8yAH1plAH:x8qPoBhz1aRxcSUDk36Sf93R8yAVp2H
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3343) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm