wannacry | f1f61586c5d0ed5e922193993790dd8e53b5ffabce22d4c4048985b7b5b6ee70 | Triage

Sharing

General

Target

f1f61586c5d0ed5e922193993790dd8e53b5ffabce22d4c4048985b7b5b6ee70.exe
Size

2.2MB
Sample

241226-s3xv6ayrap
MD5

fd3790efd52b3502c5c71f8a20ff0330
SHA1

91adb2501771eba931343594b7b1be91c33d8710
SHA256

f1f61586c5d0ed5e922193993790dd8e53b5ffabce22d4c4048985b7b5b6ee70
SHA512

7840ad2293b91e1933cc4f57ffefe03ef369ca6f1b71e3d72853bf05ad5b6fa428ccf493c2dfea302e9270dced6e104fe55281931b46704c3cf37bf0785804c6
SSDEEP

49152:QnsEMSPbcBVQej/1INRFSqTdX1HkQo6SAARdhnvf:QfPoBhz1aRFSUDk36SAEdhvf

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Targets

- Target
  
  f1f61586c5d0ed5e922193993790dd8e53b5ffabce22d4c4048985b7b5b6ee70.exe
- Size
  
  2.2MB
- MD5
  
  fd3790efd52b3502c5c71f8a20ff0330
- SHA1
  
  91adb2501771eba931343594b7b1be91c33d8710
- SHA256
  
  f1f61586c5d0ed5e922193993790dd8e53b5ffabce22d4c4048985b7b5b6ee70
- SHA512
  
  7840ad2293b91e1933cc4f57ffefe03ef369ca6f1b71e3d72853bf05ad5b6fa428ccf493c2dfea302e9270dced6e104fe55281931b46704c3cf37bf0785804c6
- SSDEEP
  
  49152:QnsEMSPbcBVQej/1INRFSqTdX1HkQo6SAARdhnvf:QfPoBhz1aRFSUDk36SAEdhvf
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (2314) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm