wannacry | f8dd1ee5eb1d7e0ef4e891675f3d3014f6591e5bc23edf81cebfde59cad738d5 | Triage

Sharing

General

Target

2025-01-21_fe1fffbf1f03067f6c6bbbed2de7ab02_wannacry
Size

5.0MB
Sample

250121-sxahnszqg1
MD5

fe1fffbf1f03067f6c6bbbed2de7ab02
SHA1

8aa130adb01f980d7ade06d57946ddf19ebe370f
SHA256

f8dd1ee5eb1d7e0ef4e891675f3d3014f6591e5bc23edf81cebfde59cad738d5
SHA512

89057f5dd0c92b69d7710d00f8e2de40dcadc3f6c3567ea8c1df22fd9cc573d6139ea9ead28dd0b91be459a703423c3c27910dd80ecc21df04829b75796a8f19
SSDEEP

24576:/bLgdaihdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLK6+vbOSSqTPVXgk+RdhAdm0:/nRMSPbcBVQej/1INx+TSqTdXeRdhnv

Score

10^/10

wannacry defense_evasion discovery ransomware worm

Malware Config

Targets

- Target
  
  2025-01-21_fe1fffbf1f03067f6c6bbbed2de7ab02_wannacry
- Size
  
  5.0MB
- MD5
  
  fe1fffbf1f03067f6c6bbbed2de7ab02
- SHA1
  
  8aa130adb01f980d7ade06d57946ddf19ebe370f
- SHA256
  
  f8dd1ee5eb1d7e0ef4e891675f3d3014f6591e5bc23edf81cebfde59cad738d5
- SHA512
  
  89057f5dd0c92b69d7710d00f8e2de40dcadc3f6c3567ea8c1df22fd9cc573d6139ea9ead28dd0b91be459a703423c3c27910dd80ecc21df04829b75796a8f19
- SSDEEP
  
  24576:/bLgdaihdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLK6+vbOSSqTPVXgk+RdhAdm0:/nRMSPbcBVQej/1INx+TSqTdXeRdhnv
Score

10^/10

wannacry discovery ransomware worm defense_evasion
- Modifies firewall policy service
  defense_evasion
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Contacts a large (3259) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydefense_evasiondiscoveryransomwareworm