General
Target: mssecsvc.exe
Size: 3.6MB
Sample: 220719-qhn2eaccf5
MD5: c39c3a9fd55d3eb1445ff15ff38c586d
SHA1: 85d7541b20a85e68718ec9be6da09834147ee7d6
SHA256: 5bbc4474a20ba7b969c2aa8677e2833c0a7c306f70f55853d00e3df54c0ae0da
SHA512: ba63768d70eca619a1aa207c34a58cfa9658dcb066679be27fbb0221a243baae9171769d0fadf8d7c1557621e8fff5b2d7149af4cf531dc8612a24b19135766a
Static task: static1
Behavioral task: behavioral1
Sample: mssecsvc.exe
Resource: win7-20220718-en
Malware Config
Targets
Target: mssecsvc.exe
Score: 10/10
suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
Contacts a large (653) amount of remote hosts
This may indicate a network scan to discover remotely running services.
Executes dropped EXE
Drops file in System32 directory