wannacry | 0136e271dc5aa1c134738a0eedb6bb662a0b7d45697d964d38af4c117d3c5f65 | Triage

Submit
Reports

Overview

overview

Static

static

3

202407041f...ry.exe

windows7-x64

202407041f...ry.exe

windows10-2004-x64

Sharing

General

Target

202407041f132682160c33b85bc32f280b2ce70cwannacry
Size

5.0MB
Sample

240704-r1smzsxhmn
MD5

1f132682160c33b85bc32f280b2ce70c
SHA1

47666b3d473c5529ba76951a1f749f01b6e1ceb5
SHA256

0136e271dc5aa1c134738a0eedb6bb662a0b7d45697d964d38af4c117d3c5f65
SHA512

3c6d229b4be308fd6788072c202b42e06fbe92c4777ffd241f47b91e36b7c4d285cab7cfe7160cb7b3cba6b9115704dac054e0edfd5648854d6d0832c5189d94
SSDEEP

49152:VnjQWKUacBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:Z8IfBhz1aRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

202407041f132682160c33b85bc32f280b2ce70cwannacry.exe

Resource

win7-20240508-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

202407041f132682160c33b85bc32f280b2ce70cwannacry.exe

Resource

win10v2004-20240508-en

wannacry discovery ransomware worm

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  202407041f132682160c33b85bc32f280b2ce70cwannacry
- Size
  
  5.0MB
- MD5
  
  1f132682160c33b85bc32f280b2ce70c
- SHA1
  
  47666b3d473c5529ba76951a1f749f01b6e1ceb5
- SHA256
  
  0136e271dc5aa1c134738a0eedb6bb662a0b7d45697d964d38af4c117d3c5f65
- SHA512
  
  3c6d229b4be308fd6788072c202b42e06fbe92c4777ffd241f47b91e36b7c4d285cab7cfe7160cb7b3cba6b9115704dac054e0edfd5648854d6d0832c5189d94
- SSDEEP
  
  49152:VnjQWKUacBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:Z8IfBhz1aRxcSUDk36SAEdhv
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3103) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy