wannacry | 3f24219503b4d45526ee496397fc08ee3dd10c672adff51cf065961277b0fdb1 | Triage

Sharing

General

Target

3f24219503b4d45526ee496397fc08ee3dd10c672adff51cf065961277b0fdb1.exe
Size

5.0MB
Sample

241116-1tl2asvcph
MD5

9a3b9b42edd0d0a8d9c18dc4a6977ebd
SHA1

c1eb2b5d521a3ee146c01a948d07da796ce46803
SHA256

3f24219503b4d45526ee496397fc08ee3dd10c672adff51cf065961277b0fdb1
SHA512

3fb783cce8244b90224260185b705cae799a292ff4c33e420644d5e509158f937d30aa0d810c701ac81c2e7e7d46e93da7c242ee547f06a4cd9a39dc2ceb2e62
SSDEEP

98304:KDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HukRci7cplXyxNV:KDqPe1Cxcxk3ZAEUadzR8yc4H0ZlivV

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  3f24219503b4d45526ee496397fc08ee3dd10c672adff51cf065961277b0fdb1.exe
- Size
  
  5.0MB
- MD5
  
  9a3b9b42edd0d0a8d9c18dc4a6977ebd
- SHA1
  
  c1eb2b5d521a3ee146c01a948d07da796ce46803
- SHA256
  
  3f24219503b4d45526ee496397fc08ee3dd10c672adff51cf065961277b0fdb1
- SHA512
  
  3fb783cce8244b90224260185b705cae799a292ff4c33e420644d5e509158f937d30aa0d810c701ac81c2e7e7d46e93da7c242ee547f06a4cd9a39dc2ceb2e62
- SSDEEP
  
  98304:KDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HukRci7cplXyxNV:KDqPe1Cxcxk3ZAEUadzR8yc4H0ZlivV
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (2435) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm