wannacry | 527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623 | Triage

Submit
Reports

Overview

overview

Static

static

3

527d79357b...23.dll

windows7-x64

527d79357b...23.dll

windows10-2004-x64

Sharing

General

Target

527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623
Size

5.0MB
Sample

241018-t7hsgaxdjf
MD5

40730e4027614dd45d6aae3f4dca0a48
SHA1

13d9812a91640771c4acc6f98aef1d1b28a38b1c
SHA256

527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623
SHA512

e5c0227ad427bdc90ca6001f9284bdb5b54f247c6b19dedc30a951f908fe1f8799294649bc647209482c84c900d21783d1c18d533644f64b38efd51d8d8ec0f5
SSDEEP

12288:TQbLgmluyQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DHeQYSUjEXF5:MbLguVQhfdmMSirYbcMNgef0QeQjG

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623.dll

Resource

win7-20240708-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623.dll

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623
- Size
  
  5.0MB
- MD5
  
  40730e4027614dd45d6aae3f4dca0a48
- SHA1
  
  13d9812a91640771c4acc6f98aef1d1b28a38b1c
- SHA256
  
  527d79357bf1ec94197e8e9cd404073060508ad7a77b714cc7c2f2e34ad08623
- SHA512
  
  e5c0227ad427bdc90ca6001f9284bdb5b54f247c6b19dedc30a951f908fe1f8799294649bc647209482c84c900d21783d1c18d533644f64b38efd51d8d8ec0f5
- SSDEEP
  
  12288:TQbLgmluyQhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DHeQYSUjEXF5:MbLguVQhfdmMSirYbcMNgef0QeQjG
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3185) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy