General

  • Target

    2024-11-20_3822d77b7dea2b66944aff3da4b69a42_wannacry

  • Size

    3.6MB

  • Sample

    241120-bjbp5sxjdz

  • MD5

    3822d77b7dea2b66944aff3da4b69a42

  • SHA1

    d5911ee5daeca4aa650ce772463078572071432c

  • SHA256

    3d88eca19559990d4abb8475af6e36aec87a83d50d735ed27bfe93fbfc80bb3a

  • SHA512

    3686c3fa5d58cdec92376b98dd2739eda766cbe0c767fe426d43cfdd78839b9f4dbd9371434a173f04b1c6c290f7e74ed9861fc784fe5f0caa45a33079c525f4

  • SSDEEP

    6144:iE9l9yNqIYVTH5DgSg8ajldktM0XXrs2QhE:iwbLgPluxQhE

Malware Config

Targets

    • Target

      2024-11-20_3822d77b7dea2b66944aff3da4b69a42_wannacry

    • Size

      3.6MB

    • MD5

      3822d77b7dea2b66944aff3da4b69a42

    • SHA1

      d5911ee5daeca4aa650ce772463078572071432c

    • SHA256

      3d88eca19559990d4abb8475af6e36aec87a83d50d735ed27bfe93fbfc80bb3a

    • SHA512

      3686c3fa5d58cdec92376b98dd2739eda766cbe0c767fe426d43cfdd78839b9f4dbd9371434a173f04b1c6c290f7e74ed9861fc784fe5f0caa45a33079c525f4

    • SSDEEP

      6144:iE9l9yNqIYVTH5DgSg8ajldktM0XXrs2QhE:iwbLgPluxQhE

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3184) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks