General
-
Target
2025-02-08_a4923d5f5080fc1163d442475328df3c_wannacry
-
Size
3.6MB
-
Sample
250208-dx571stnbq
-
MD5
a4923d5f5080fc1163d442475328df3c
-
SHA1
77ffad80bdeccc06720560ba67efe69be3b0e436
-
SHA256
8a4d148100180e338d771867adc0045f40cb9a3bfca029515e9fb87973e6437c
-
SHA512
bf04d7364224e36cc5c7b1fdd377a4b9328919ccbae8cfcd609bbcb9fce7f2fe5b9a447d2b0c0465fb9f2136607f5e6da0635475269abd43c1fb52cc92ec453d
-
SSDEEP
98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593:yDqPe1Cxcxk3ZAEUadz
Static task
static1
Behavioral task
behavioral1
Sample
2025-02-08_a4923d5f5080fc1163d442475328df3c_wannacry.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2025-02-08_a4923d5f5080fc1163d442475328df3c_wannacry.exe
Resource
win10v2004-20250207-en
Malware Config
Targets
-
-
Target
2025-02-08_a4923d5f5080fc1163d442475328df3c_wannacry
-
Size
3.6MB
-
MD5
a4923d5f5080fc1163d442475328df3c
-
SHA1
77ffad80bdeccc06720560ba67efe69be3b0e436
-
SHA256
8a4d148100180e338d771867adc0045f40cb9a3bfca029515e9fb87973e6437c
-
SHA512
bf04d7364224e36cc5c7b1fdd377a4b9328919ccbae8cfcd609bbcb9fce7f2fe5b9a447d2b0c0465fb9f2136607f5e6da0635475269abd43c1fb52cc92ec453d
-
SSDEEP
98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593:yDqPe1Cxcxk3ZAEUadz
-
Wannacry family
-
Contacts a large (3246) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1