wannacry | 6566655a6089650356d4d240adb90bad9c156228b2bf882600f27c20140ff69d | Triage

Sharing

General

Target

2024-12-18_446b4dd4779954f6d3b705a66bcc8b94_wannacry
Size

5.0MB
Sample

241218-q5hsxa1lgy
MD5

446b4dd4779954f6d3b705a66bcc8b94
SHA1

590ffc60a65908f1c1a97926c5e56745c42efe7c
SHA256

6566655a6089650356d4d240adb90bad9c156228b2bf882600f27c20140ff69d
SHA512

5b4cd3cbcefcb5606c1ea9d4eb253fcb652a13a8bf0b3ff5a30c61f98a4532c99d464943e4fb2c6056c86bb607928a291508b99cff6fdc83681933be940cd642
SSDEEP

49152:QnvMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:QvPoBhz1aRxcSUDk36SA

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  2024-12-18_446b4dd4779954f6d3b705a66bcc8b94_wannacry
- Size
  
  5.0MB
- MD5
  
  446b4dd4779954f6d3b705a66bcc8b94
- SHA1
  
  590ffc60a65908f1c1a97926c5e56745c42efe7c
- SHA256
  
  6566655a6089650356d4d240adb90bad9c156228b2bf882600f27c20140ff69d
- SHA512
  
  5b4cd3cbcefcb5606c1ea9d4eb253fcb652a13a8bf0b3ff5a30c61f98a4532c99d464943e4fb2c6056c86bb607928a291508b99cff6fdc83681933be940cd642
- SSDEEP
  
  49152:QnvMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:QvPoBhz1aRxcSUDk36SA
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (2106) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm