Exam4Training

What share does the WannaCry ransomware use to connect with the target?

What share does the WannaCry ransomware use to connect with the target?
A . $IPC
B . $Admin
C . $SPOOL
D . $C

Answer: A

Explanation:

The WannaCry ransomware utilizes the $IPC (Inter-Process Communication) share to connect with and infect target machines. This hidden network share supports the operation of named pipes, which facilitates the communication necessary for WannaCry to execute its payload across networks.

Reference: CISA Analysis Report, "WannaCry Ransomware".

WannaCry ransomware uses the SMB (Server Message Block) protocol to propagate through networks and connect to target systems. Specifically, it exploits a vulnerability in SMBv1, known as EternalBlue (MS17-010).

IPC Share: The $IPC (Inter-Process Communication) share is a hidden administrative share used for inter-process communication. WannaCry uses this share to gain access to other machines on the network.

SMB Exploitation: By exploiting the SMB vulnerability, WannaCry can establish a connection to the $IPC share, allowing it to execute the payload on the target machine.

Propagation: Once connected, it deploys the DoublePulsar backdoor and then spreads the ransomware payload.

Given these details, the correct answer is $IPC.

Reference

"WannaCry Ransomware Attack," Wikipedia, WannaCry.

"MS17-010: Security Update for Windows SMB Server," Microsoft, MS17-010.

Exit mobile version