General

  • Target

    2024-10-25_16392d7876ca8a5628e8289b057075f4_wannacry

  • Size

    5.0MB

  • Sample

    241025-n6xx4szdmp

  • MD5

    16392d7876ca8a5628e8289b057075f4

  • SHA1

    babf81e372efc30e353b6aae69fa828b9db8db20

  • SHA256

    6660361e2280d85e88bbf10a4511eb5c76a24fa5812dad190607a48c7900196f

  • SHA512

    a41fcbc1034783f2f2413593cbc1301f8c4e04a2b5b23c504cc8354716eb9bd41f593d76652da79573d184871fea21c28ea6fe7fa0629a4075ed7d0c6b2ce44e

  • SSDEEP

    49152:XnAQqMSPbcBVQej/1INRYdhnvxJM0H9PAMEc:XDqPoBhz1aRYdhvxWa9P5

Targets

    • Target

      2024-10-25_16392d7876ca8a5628e8289b057075f4_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3239) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
