General

  • Target

    2024-12-25_929106faad5dba31b540295444b7ffb0_wannacry

  • Size

    5.0MB

  • Sample

    241225-mk8xtasjfv

  • MD5

    929106faad5dba31b540295444b7ffb0

  • SHA1

    a7b332919eab4d9d39f05bd3c4451572772931c6

  • SHA256

    3ec5029b4fcfc8d06a3f7c13d77492a820ae16f3ddf08799f5b8764ae366852c

  • SHA512

    a0c7622ef4dbf8161f8feb7bbd2c1cfb144fe1a23dcf2395af10a3d88d195d71257f0a00decad35048c149782bbc6542529d1945e703d37a4d239ab4b72a6407

  • SSDEEP

    98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8:yDqPe1Cxcxk3ZAEUadzR8

Malware Config

Targets

    • Target

      2024-12-25_929106faad5dba31b540295444b7ffb0_wannacry

    • Size

      5.0MB

    • MD5

      929106faad5dba31b540295444b7ffb0

    • SHA1

      a7b332919eab4d9d39f05bd3c4451572772931c6

    • SHA256

      3ec5029b4fcfc8d06a3f7c13d77492a820ae16f3ddf08799f5b8764ae366852c

    • SHA512

      a0c7622ef4dbf8161f8feb7bbd2c1cfb144fe1a23dcf2395af10a3d88d195d71257f0a00decad35048c149782bbc6542529d1945e703d37a4d239ab4b72a6407

    • SSDEEP

      98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8:yDqPe1Cxcxk3ZAEUadzR8

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3328) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks