Overview

overview

10

Static

static

3

2024-11-10...ry.exe

windows7-x64

10

2024-11-10...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-10_0ba0bc85f73eaff3c610778d903048d4_wannacry

  • Size

    5.0MB

  • Sample

    241110-rqqewa1qhq

  • MD5

    0ba0bc85f73eaff3c610778d903048d4

  • SHA1

    476be04618e16f5876c2cb3ee0cb43c6a3c85779

  • SHA256

    cf3494f6313f1b474cc1c261a1cf94d1095212c62ed19a5ae16d9ab9fec5e57d

  • SHA512

    d43419db90c9e4fb1f4c89958803feafe68fc8f962f2ca543a33f3a1954146f446f5a35dfea715f699c95acb0b2763ab26ecebb07542735dbc4c16204b798f19

  • SSDEEP

    98304:SDqPoBt1aRxcSUDk36SAEdhvxWa9P593R+:SDqPO1Cxcxk3ZAEUadzR

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      2024-11-10_0ba0bc85f73eaff3c610778d903048d4_wannacry

    • Size

      5.0MB

    • MD5

      0ba0bc85f73eaff3c610778d903048d4

    • SHA1

      476be04618e16f5876c2cb3ee0cb43c6a3c85779

    • SHA256

      cf3494f6313f1b474cc1c261a1cf94d1095212c62ed19a5ae16d9ab9fec5e57d

    • SHA512

      d43419db90c9e4fb1f4c89958803feafe68fc8f962f2ca543a33f3a1954146f446f5a35dfea715f699c95acb0b2763ab26ecebb07542735dbc4c16204b798f19

    • SSDEEP

      98304:SDqPoBt1aRxcSUDk36SAEdhvxWa9P593R+:SDqPO1Cxcxk3ZAEUadzR

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Wannacry family

      wannacry

    • Contacts a large (3145) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks