General

  • Target

    2024-12-23_44c3fb23ef9931dfdcb5eb040b6627df_wannacry

  • Size

    5.0MB

  • Sample

    241223-pmc92azlbn

  • MD5

    44c3fb23ef9931dfdcb5eb040b6627df

  • SHA1

    b5ca1e10ea5d80e03c88a0e255b27fe778374d09

  • SHA256

    fabf488df1f3a0af9b0fef97d0226e09864bc7dae2db5d2396e06bc694a97c12

  • SHA512

    db4440b0dd72ed4a6157a257259ffd08fc2795abe3947509ab02908214523f4eb377b56c0a6d0200ac7c411dc1b9f4e1aa30387be8ace87f904051abce366570

  • SSDEEP

    49152:XnAQqMSPbcBVQej/1INRMAMEcaEau3R8yAH1plAU3:XDqPoBhz1aRM593R8yAVp2U3

Targets

    • Target

      2024-12-23_44c3fb23ef9931dfdcb5eb040b6627df_wannacry

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3261) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Modifies file permissions

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Drops file in System32 directory
