wannacry | d46baceb692e3cf6e3bb0a309c0446541d7a85b7af98d32cdabfd37cf8399d2a | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-10-30...ry.exe

windows7-x64

2024-10-30...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-10-30_6d4be73f2e3c7ba98ea9eda27c9bf7d6_wannacry
Size

5.0MB
Sample

241030-xvdjrs1lfp
MD5

6d4be73f2e3c7ba98ea9eda27c9bf7d6
SHA1

0086de39898ebace21275f5c5c8e0980fc0b7dce
SHA256

d46baceb692e3cf6e3bb0a309c0446541d7a85b7af98d32cdabfd37cf8399d2a
SHA512

da7dd954c19156b3e43bb04a2d9f9ad07828d905e3b4198094744abd814776ba3b902843b4d27cb4c1b8ea3510a296d516a1f269ab83e9e55cae385eda4093e2
SSDEEP

6144:eE9l9ynRIYVTH5DgSgNajldktM0XXrCIai62yV9qbBLIwY:e1bLgmluCti62ybaI

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-10-30_6d4be73f2e3c7ba98ea9eda27c9bf7d6_wannacry.exe

Resource

win7-20241023-en

wannacry discovery ransomware worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-10-30_6d4be73f2e3c7ba98ea9eda27c9bf7d6_wannacry.exe

Resource

win10v2004-20241007-en

wannacry discovery ransomware worm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-10-30_6d4be73f2e3c7ba98ea9eda27c9bf7d6_wannacry
- Size
  
  5.0MB
- MD5
  
  6d4be73f2e3c7ba98ea9eda27c9bf7d6
- SHA1
  
  0086de39898ebace21275f5c5c8e0980fc0b7dce
- SHA256
  
  d46baceb692e3cf6e3bb0a309c0446541d7a85b7af98d32cdabfd37cf8399d2a
- SHA512
  
  da7dd954c19156b3e43bb04a2d9f9ad07828d905e3b4198094744abd814776ba3b902843b4d27cb4c1b8ea3510a296d516a1f269ab83e9e55cae385eda4093e2
- SSDEEP
  
  6144:eE9l9ynRIYVTH5DgSgNajldktM0XXrCIai62yV9qbBLIwY:e1bLgmluCti62ybaI
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3235) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy