Overview

overview

10

Static

static

9792cbeaa0...1d.dll

windows7-x64

10

9792cbeaa0...1d.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9792cbeaa00a9e7f3a58b5827441e71d

  • Size

    5.0MB

  • Sample

    220719-xbrmaahafq

  • MD5

    9792cbeaa00a9e7f3a58b5827441e71d

  • SHA1

    9aa5190aac4d94cbf47293bc8f451192570f6591

  • SHA256

    f4fce5635400f4663593f85e2707e2da36d62ffdc75b1ecc000f749d0fbff687

  • SHA512

    1c34caa13264295e75070a03a2180b55c73c7e72d2396e8a8c33bc224863058095fe08896222cc6088f7ba126cdb2f25a9e1c1f5fbce9d9508cb3b12b0978ccc

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      9792cbeaa00a9e7f3a58b5827441e71d

    • Size

      5.0MB

    • MD5

      9792cbeaa00a9e7f3a58b5827441e71d

    • SHA1

      9aa5190aac4d94cbf47293bc8f451192570f6591

    • SHA256

      f4fce5635400f4663593f85e2707e2da36d62ffdc75b1ecc000f749d0fbff687

    • SHA512

      1c34caa13264295e75070a03a2180b55c73c7e72d2396e8a8c33bc224863058095fe08896222cc6088f7ba126cdb2f25a9e1c1f5fbce9d9508cb3b12b0978ccc

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3292) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (768) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

3
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks