General

  • Target

    2024-12-24_7ad1f279301a7d976a85fa7a4bf95fe6_wannacry

  • Size

    5.0MB

  • Sample

    241224-m51ryawjfw

  • MD5

    7ad1f279301a7d976a85fa7a4bf95fe6

  • SHA1

    d3756c94ebfc25da45e7ebf9510edc0e44000c36

  • SHA256

    9dca872721b37b42bfe32ddebc096a70e711015266f9be56e5a4d5994bb8f828

  • SHA512

    86621978b7bd2708bba6169966fa473a528c094f19862c013e0957025b9245b3879a0f6d0f29774d287eb513b97f625fa835f24eff514fd09c9a00805a31dbd0

  • SSDEEP

    98304:nDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:nDqPe1Cxcxk3ZAEUadzR8yc4H

Malware Config

Targets

    • Target

      2024-12-24_7ad1f279301a7d976a85fa7a4bf95fe6_wannacry

    • Size

      5.0MB

    • MD5

      7ad1f279301a7d976a85fa7a4bf95fe6

    • SHA1

      d3756c94ebfc25da45e7ebf9510edc0e44000c36

    • SHA256

      9dca872721b37b42bfe32ddebc096a70e711015266f9be56e5a4d5994bb8f828

    • SHA512

      86621978b7bd2708bba6169966fa473a528c094f19862c013e0957025b9245b3879a0f6d0f29774d287eb513b97f625fa835f24eff514fd09c9a00805a31dbd0

    • SSDEEP

      98304:nDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:nDqPe1Cxcxk3ZAEUadzR8yc4H

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3165) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks