wannacry | 4641216ac5970ad74ae3d73cc81b430657a8c2cd4bb2637bd5a600153e2af56b | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-06-28...ry.exe

windows7-x64

2024-06-28...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-06-28_dd9faac1734f49e66f76397a2eb995ff_wannacry
Size

5.0MB
Sample

240628-nfkj4azakr
MD5

dd9faac1734f49e66f76397a2eb995ff
SHA1

0eaf09665b99951f67660e3a94bccdd285fcffa8
SHA256

4641216ac5970ad74ae3d73cc81b430657a8c2cd4bb2637bd5a600153e2af56b
SHA512

bc256348512e93e7a4130ff749ceb3f48267ad51d44a7e959c46ab16368d4b5d709a8ee15fb372ef5a2706676f3bfee55b9dd642a04a8ef055186ed3d723860d
SSDEEP

98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9gtnXRUAeTKwz3Qqgbz:XDqPe1Cxcxk3ZAEUayXFaKwMt3

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-06-28_dd9faac1734f49e66f76397a2eb995ff_wannacry.exe

Resource

win7-20240221-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-28_dd9faac1734f49e66f76397a2eb995ff_wannacry.exe

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-28_dd9faac1734f49e66f76397a2eb995ff_wannacry
- Size
  
  5.0MB
- MD5
  
  dd9faac1734f49e66f76397a2eb995ff
- SHA1
  
  0eaf09665b99951f67660e3a94bccdd285fcffa8
- SHA256
  
  4641216ac5970ad74ae3d73cc81b430657a8c2cd4bb2637bd5a600153e2af56b
- SHA512
  
  bc256348512e93e7a4130ff749ceb3f48267ad51d44a7e959c46ab16368d4b5d709a8ee15fb372ef5a2706676f3bfee55b9dd642a04a8ef055186ed3d723860d
- SSDEEP
  
  98304:XDqPoBhz1aRxcSUDk36SAEdhvxWa9gtnXRUAeTKwz3Qqgbz:XDqPe1Cxcxk3ZAEUayXFaKwMt3
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3310) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy