Overview

overview

10

Static

static

Windows/MSSECSVC.exe

windows7_x64

10

Windows/MSSECSVC.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a6a46d70b600988f8f809db8b6a8e812416ab138d58381a79363882df3999f0

  • Size

    3.3MB

  • Sample

    220625-ejdfhsfeb9

  • MD5

    131d0488e119529e3265c2dcad26f3f7

  • SHA1

    5bc3c21b36792aa206277cc5483d59661b0c847c

  • SHA256

    3a6a46d70b600988f8f809db8b6a8e812416ab138d58381a79363882df3999f0

  • SHA512

    655c5abbb58b08545698dea59a1b128e539e2966497a17f7d0f3ac168820f98fa36f8a9943220a395e756e32afb7e92818232052faf8401ec96113f12a6ae3c1

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      Windows/MSSECSVC.EXE

    • Size

      3.6MB

    • MD5

      03baffc5d9239b588a88d52978448db6

    • SHA1

      c9b9062f1fa1681481f0a787fbe1fe8b6b6d6486

    • SHA256

      09d086a2f16d620a4c4fd823651fa652f22eb27bb563b682d9372afa69f7662c

    • SHA512

      ae8eabb41df5a4d2cdf04929269e822e8d8911c5e891244d257e85b6013b6a8028938e3287132b2e1ec2edc8e2113f51f52ff2d4d77e54b83f9a730582abccf3

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (2374) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1265) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

2
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks