wannacry | e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58 | Triage

Sharing

General

Target

e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58.exe
Size

5.0MB
Sample

241123-zlhhgasjhr
MD5

a626ac7cee34f2e18aec109b83babf55
SHA1

12d812851aa7436dc5434a5bee56b9e211f1a1d5
SHA256

e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58
SHA512

2437905ef4c1ee2173c0e1dcd1d4b25bc7848f24a450c9acf16c0c4d9309f6b04a23bc11db2ddc33061d37d34072c2d0ed45b904cccf1468a6f9a3a0619fb4ea
SSDEEP

98304:nnj5mqtRvJEZ+jT4guDNIltHTOibMR3LvYuENf07dFfmh+OcvTrvM3R/zTqg0qFa:nnK2/yGr6Rb

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58.exe
- Size
  
  5.0MB
- MD5
  
  a626ac7cee34f2e18aec109b83babf55
- SHA1
  
  12d812851aa7436dc5434a5bee56b9e211f1a1d5
- SHA256
  
  e75c2ee38aa3468fe7801f61a480dd403348d6577d2f59440a8fb23882a34a58
- SHA512
  
  2437905ef4c1ee2173c0e1dcd1d4b25bc7848f24a450c9acf16c0c4d9309f6b04a23bc11db2ddc33061d37d34072c2d0ed45b904cccf1468a6f9a3a0619fb4ea
- SSDEEP
  
  98304:nnj5mqtRvJEZ+jT4guDNIltHTOibMR3LvYuENf07dFfmh+OcvTrvM3R/zTqg0qFa:nnK2/yGr6Rb
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (2420) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm