Overview

overview

10

Static

static

88bb891ec4...8e.dll

windows7_x64

10

88bb891ec4...8e.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88bb891ec46f78c247ceae8ab6909431451761f343363ea9a0cd300d43b73d8e

  • Size

    5.0MB

  • Sample

    210513-feh4fbhzaj

  • MD5

    7b8359d33138f036077cdb02d70d9e37

  • SHA1

    6e3b17124d51173e2e7b04f3ac11c5d096e5de86

  • SHA256

    88bb891ec46f78c247ceae8ab6909431451761f343363ea9a0cd300d43b73d8e

  • SHA512

    4ec0c085593d6428a2f70d857200615e4b6ee9e0956b8228563389eb23d1375bcb72f56313068823eec40ff0ae3d42ef981aaa5f902e23638b937cc987060e2a

Score
10/10
wannacryevasionransomwareworm

Malware Config

Targets

    • Target

      88bb891ec46f78c247ceae8ab6909431451761f343363ea9a0cd300d43b73d8e

    • Size

      5.0MB

    • MD5

      7b8359d33138f036077cdb02d70d9e37

    • SHA1

      6e3b17124d51173e2e7b04f3ac11c5d096e5de86

    • SHA256

      88bb891ec46f78c247ceae8ab6909431451761f343363ea9a0cd300d43b73d8e

    • SHA512

      4ec0c085593d6428a2f70d857200615e4b6ee9e0956b8228563389eb23d1375bcb72f56313068823eec40ff0ae3d42ef981aaa5f902e23638b937cc987060e2a

    Score
    10/10
    wannacryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks