wannacry | 659ac2da0491e902fd24043867c28eed3b3bfcb2cdd16ff702932631576b2d45 | Triage

Sharing

General

Target

659ac2da0491e902fd24043867c28eed3b3bfcb2cdd16ff702932631576b2d45.exe
Size

5.4MB
Sample

241207-j32dxatndw
MD5

1a9510ec9f14fc9af35d51345d0a0be3
SHA1

96097006b31918bee3cf101cd0ca48507941098f
SHA256

659ac2da0491e902fd24043867c28eed3b3bfcb2cdd16ff702932631576b2d45
SHA512

387d20e6161309f885487336499fd37da2400ce33678e88ff6b1c56f5ac4dc98ab8ced96896dd49535f5d13ab6ee6e3e7a2a87d80365befa6c92e3b6a1faabc9
SSDEEP

49152:RnsEMSPbcBVQejl+TSqTdX1HkQo6SAARdhnvf:1fPoBhhcSUDk36SAEdhvf

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  659ac2da0491e902fd24043867c28eed3b3bfcb2cdd16ff702932631576b2d45.exe
- Size
  
  5.4MB
- MD5
  
  1a9510ec9f14fc9af35d51345d0a0be3
- SHA1
  
  96097006b31918bee3cf101cd0ca48507941098f
- SHA256
  
  659ac2da0491e902fd24043867c28eed3b3bfcb2cdd16ff702932631576b2d45
- SHA512
  
  387d20e6161309f885487336499fd37da2400ce33678e88ff6b1c56f5ac4dc98ab8ced96896dd49535f5d13ab6ee6e3e7a2a87d80365befa6c92e3b6a1faabc9
- SSDEEP
  
  49152:RnsEMSPbcBVQejl+TSqTdX1HkQo6SAARdhnvf:1fPoBhhcSUDk36SAEdhvf
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (2314) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm