General

  • Target

    2024-11-11_bfe0dc0b375040b43e6a4f5215736af3_wannacry

  • Size

    5.0MB

  • Sample

    241111-t2jsks1frm

  • MD5

    bfe0dc0b375040b43e6a4f5215736af3

  • SHA1

    4746d70bcd976edd34999f8965f14dd4e9205ecc

  • SHA256

    95da88652113687e04c2738029485b3169b1d4f67c691a9525db57470205bce2

  • SHA512

    4857234a550e40b4de1fa39567d858cd583ff4038cc9076e9773f83013151124ebb695944881934c3f0baf2e8b26c8eda396cab8d6cb732e78129297bb3d1c56

  • SSDEEP

    12288:e1bLgmluCti62WfSm0iEcQhfYNVUy7ckPU82900Ve7:QbLguriIfEcQdIVUacMNge

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3249) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
