General

  • Target

    2024-11-23_f484573dd5ec90ad7047077561c474e2_wannacry

  • Size

    5.0MB

  • Sample

    241123-qhm44svqbt

  • MD5

    f484573dd5ec90ad7047077561c474e2

  • SHA1

    47b7c67fba2f0a1c9f904cf20131924d24b752e1

  • SHA256

    f0708de327654842703a911207af97d0352c636d83f272351b45d8e1f8eecdaf

  • SHA512

    fff71dd3e04f3cb942990b44a994411b33135e5af9bb22a67be1418dfa01c324279a4ff505cbea53d770bd5d914f1632294a3ffaa3bf03d9deadef64798e9d81

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:yDqPoBhz1aRxcSUDk36SA

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3318) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
