wannacry | a783a9413faa1f511f93d5449260cf036b31ba65c4a07a710ecea349dc4da754 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-06-29...ry.exe

windows7-x64

2024-06-29...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-06-29_8ac52b3c64ce498847e96dc7905ed113_wannacry
Size

3.6MB
Sample

240629-lj1pdaxgnn
MD5

8ac52b3c64ce498847e96dc7905ed113
SHA1

2ad6d2351d61768e9521b5743e757b1ccc8b0fca
SHA256

a783a9413faa1f511f93d5449260cf036b31ba65c4a07a710ecea349dc4da754
SHA512

cdcf06e6d4b133005dc08c1ff2dadcec49e82fd835bdec4a5faa76e5a6df93f997295b5110fc2ad2ab1eaab2697522b6e8e6799554bce04c06a887a6123ced41
SSDEEP

98304:G8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HruG:G8qPe1Cxcxk3ZAEUadzR8yc4HF

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-06-29_8ac52b3c64ce498847e96dc7905ed113_wannacry.exe

Resource

win7-20240419-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-29_8ac52b3c64ce498847e96dc7905ed113_wannacry.exe

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-29_8ac52b3c64ce498847e96dc7905ed113_wannacry
- Size
  
  3.6MB
- MD5
  
  8ac52b3c64ce498847e96dc7905ed113
- SHA1
  
  2ad6d2351d61768e9521b5743e757b1ccc8b0fca
- SHA256
  
  a783a9413faa1f511f93d5449260cf036b31ba65c4a07a710ecea349dc4da754
- SHA512
  
  cdcf06e6d4b133005dc08c1ff2dadcec49e82fd835bdec4a5faa76e5a6df93f997295b5110fc2ad2ab1eaab2697522b6e8e6799554bce04c06a887a6123ced41
- SSDEEP
  
  98304:G8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HruG:G8qPe1Cxcxk3ZAEUadzR8yc4HF
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3209) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy