Overview

overview

10

Static

static

3

2024-10-17...ry.exe

windows7-x64

10

2024-10-17...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-17_6ec6808eddeb12a38d7fae69a7d122a4_wannacry

  • Size

    5.0MB

  • Sample

    241017-pkbnes1aln

  • MD5

    6ec6808eddeb12a38d7fae69a7d122a4

  • SHA1

    0ca78866d724a24b1ace672472755f9204e7d561

  • SHA256

    9e238f67456ee525c46917bf2b78737880180ade02e2b270f3c756245e9af0b3

  • SHA512

    e25f5b9b8ee83a3bf8cffb6c642215e2a1e093ec6bc3a927910d610725bc493c23f4e36b8130670e23b59d5f21bf957621d8e1e245a1643864a9872b8ea1bd3b

  • SSDEEP

    98304:UDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2U:UDqPe1Cxcxk3ZAEUadzR8yc4

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      2024-10-17_6ec6808eddeb12a38d7fae69a7d122a4_wannacry

    • Size

      5.0MB

    • MD5

      6ec6808eddeb12a38d7fae69a7d122a4

    • SHA1

      0ca78866d724a24b1ace672472755f9204e7d561

    • SHA256

      9e238f67456ee525c46917bf2b78737880180ade02e2b270f3c756245e9af0b3

    • SHA512

      e25f5b9b8ee83a3bf8cffb6c642215e2a1e093ec6bc3a927910d610725bc493c23f4e36b8130670e23b59d5f21bf957621d8e1e245a1643864a9872b8ea1bd3b

    • SSDEEP

      98304:UDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2U:UDqPe1Cxcxk3ZAEUadzR8yc4

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3170) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks