General

  • Target

    2024-12-23_525a7037380e83146c5d9fc83aa11272_wannacry

  • Size

    5.0MB

  • Sample

    241223-p1649szmaz

  • MD5

    525a7037380e83146c5d9fc83aa11272

  • SHA1

    9a36f7b2150f367bbbee766356ca768dd1af5e5a

  • SHA256

    e518aec9e3c9b14f9aa425182fbf94fb83d15605eb5e9668d50f046cc1ee5325

  • SHA512

    6eab32b2b805abba5bc3d13dda005c0008ca36fe8f2a21f5e74e5533111d2f6f824c1e4aab9c7ca218d51b07f8837874c5c3f964c817221b54df3468d380eea6

  • SSDEEP

    24576:XbLgddQhfdmMSirYbcMNgef0QeQjG/D8kIqRYo:XnAQqMSPbcBVQej/1

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3324) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
