wannacry | a427536061ad31d46342736bd5ef018eca16fb447b4d9de34fa5a6cd995a00aa | Triage

Resubmissions

07-11-2024 03:05

241107-dk69jssrhx 10

07-11-2024 02:42

241107-c7d1vatepa 10

Sharing

General

Target

a427536061ad31d46342736bd5ef018eca16fb447b4d9de34fa5a6cd995a00aa
Size

5.0MB
Sample

241107-dk69jssrhx
MD5

99f69f4098b7efa0702b2eafc3b321ff
SHA1

5718379ca78ae4641a87f2dd1264dcf87b8dfef6
SHA256

a427536061ad31d46342736bd5ef018eca16fb447b4d9de34fa5a6cd995a00aa
SHA512

add16fa3d3733e7a5ea698eb0fb4b341b5fcda39991f13b74c98791f2c71c000037af8b579ed87534964b2371686e0a5c31c566ac8c2f22bf7c762fa73f57d30
SSDEEP

98304:7DqPoBhz1aRxcSUDk36SAEdhvxWa9P59Uc/J:7DqPe1Cxcxk3ZAEUadv

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  a427536061ad31d46342736bd5ef018eca16fb447b4d9de34fa5a6cd995a00aa
- Size
  
  5.0MB
- MD5
  
  99f69f4098b7efa0702b2eafc3b321ff
- SHA1
  
  5718379ca78ae4641a87f2dd1264dcf87b8dfef6
- SHA256
  
  a427536061ad31d46342736bd5ef018eca16fb447b4d9de34fa5a6cd995a00aa
- SHA512
  
  add16fa3d3733e7a5ea698eb0fb4b341b5fcda39991f13b74c98791f2c71c000037af8b579ed87534964b2371686e0a5c31c566ac8c2f22bf7c762fa73f57d30
- SSDEEP
  
  98304:7DqPoBhz1aRxcSUDk36SAEdhvxWa9P59Uc/J:7DqPe1Cxcxk3ZAEUadv
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3179) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm