General

  • Target

    2024-12-21_545a86f9acd10665a02b9e10eda08753_wannacry

  • Size

    5.0MB

  • Sample

    241221-mvtwmsylaq

  • MD5

    545a86f9acd10665a02b9e10eda08753

  • SHA1

    f891834a67a5af27761aadc4de5b465ad20eb0f3

  • SHA256

    032100a8f8ec17c0b2a6603b937b89fd35e37a4e3fa80a84474dbfd46431bbdc

  • SHA512

    e0d6ddd7f547386e9d89c934e5fea5dd51ac57a302c5b0bd64710e19a185f973dd4391100f9b559ec8277e08f8346835c087d36ed75ac3a648347f5d4c41a4d8

  • SSDEEP

    49152:+nFQeMSPbcBVQkINRx+TSqTdX1HkQo6SAARdhnvP:qeePoBpaRxcSUDk36SAEdhvP

Malware Config

Targets

    • Target

      2024-12-21_545a86f9acd10665a02b9e10eda08753_wannacry

    • Size

      5.0MB

    • MD5

      545a86f9acd10665a02b9e10eda08753

    • SHA1

      f891834a67a5af27761aadc4de5b465ad20eb0f3

    • SHA256

      032100a8f8ec17c0b2a6603b937b89fd35e37a4e3fa80a84474dbfd46431bbdc

    • SHA512

      e0d6ddd7f547386e9d89c934e5fea5dd51ac57a302c5b0bd64710e19a185f973dd4391100f9b559ec8277e08f8346835c087d36ed75ac3a648347f5d4c41a4d8

    • SSDEEP

      49152:+nFQeMSPbcBVQkINRx+TSqTdX1HkQo6SAARdhnvP:qeePoBpaRxcSUDk36SAEdhvP

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3202) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks