wannacry | fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944 | Triage

Submit
Reports

Overview

overview

Static

static

3

fa40bdbdd5...44.dll

windows7-x64

fa40bdbdd5...44.dll

windows10-2004-x64

Sharing

General

Target

fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944
Size

5.0MB
Sample

240702-zergsssdmp
MD5

5818d137c6c7324aa05a01c8c3cfe9d9
SHA1

58a75425a9e7331de5f9d62d74d5ab063df90996
SHA256

fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944
SHA512

8caf9bf9c3e9225be105814d9a41a10f4a680962e260507a46f4cd9f4d4a610f79ee62c80e019c3b6d2a367e9383e2ddb902ec33568aa625270e053689f44370
SSDEEP

98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2P:d8qPe1Cxcxk3ZAEUadzR8yc4P

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944.dll

Resource

win7-20240611-en

wannacry discovery ransomware worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944.dll

Resource

win10v2004-20240611-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944
- Size
  
  5.0MB
- MD5
  
  5818d137c6c7324aa05a01c8c3cfe9d9
- SHA1
  
  58a75425a9e7331de5f9d62d74d5ab063df90996
- SHA256
  
  fa40bdbdd5305d4fab585b65633e7c27b36ef79ccf51983f8e41ac3573ebf944
- SHA512
  
  8caf9bf9c3e9225be105814d9a41a10f4a680962e260507a46f4cd9f4d4a610f79ee62c80e019c3b6d2a367e9383e2ddb902ec33568aa625270e053689f44370
- SSDEEP
  
  98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2P:d8qPe1Cxcxk3ZAEUadzR8yc4P
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3208) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy