wannacry | 3cb1b3a916c2fe9f1e5e1040044947990513de3cc3abfd4f7767053447414605 | Triage

Resubmissions

14-01-2025 18:00

250114-wlb4xaxkal 10

14-01-2025 17:55

250114-whfmxsvlat 10

14-01-2025 16:13

250114-tpbw7svkgq 10

Sharing

General

Target

2025-01-14_f816f4eeec21d9bff90d56cfec5ee43d_wannacry
Size

3.6MB
Sample

250114-tpbw7svkgq
MD5

f816f4eeec21d9bff90d56cfec5ee43d
SHA1

3cfe2417ba7b0f8c743643e258e9e8d061d58639
SHA256

3cb1b3a916c2fe9f1e5e1040044947990513de3cc3abfd4f7767053447414605
SHA512

0531ff537c64e44ca395cd4757046f1d2b63d5253ee95c82eb85f77fa2364745a4810a4f2dac8dceaabc01e7d2272a8692b06691d5d624d5ea6ac2d9e9a9dc0e
SSDEEP

98304:rDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:rDqPe1Cxcxk3ZAEUadzR8yc4H

Score

10^/10

wannacry discovery evasion ransomware worm

Malware Config

Targets

- Target
  
  2025-01-14_f816f4eeec21d9bff90d56cfec5ee43d_wannacry
- Size
  
  3.6MB
- MD5
  
  f816f4eeec21d9bff90d56cfec5ee43d
- SHA1
  
  3cfe2417ba7b0f8c743643e258e9e8d061d58639
- SHA256
  
  3cb1b3a916c2fe9f1e5e1040044947990513de3cc3abfd4f7767053447414605
- SHA512
  
  0531ff537c64e44ca395cd4757046f1d2b63d5253ee95c82eb85f77fa2364745a4810a4f2dac8dceaabc01e7d2272a8692b06691d5d624d5ea6ac2d9e9a9dc0e
- SSDEEP
  
  98304:rDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:rDqPe1Cxcxk3ZAEUadzR8yc4H
Score

10^/10

wannacry discovery ransomware worm evasion
- Modifies firewall policy service
  evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3275) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryevasionransomwareworm