Overview

overview

10

Static

static

34d281dc1c...bc.dll

windows7-x64

10

34d281dc1c...bc.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34d281dc1cf62696c6d3b5897243aabc

  • Size

    5.0MB

  • Sample

    220720-b2dx8aabd9

  • MD5

    34d281dc1cf62696c6d3b5897243aabc

  • SHA1

    b5e94cc591d9acd1f04e16d2af251553ee561e0c

  • SHA256

    b5248a20ec1173991c977fa52a8aebbae35f0123be80fe120e827cb0fb5d82cc

  • SHA512

    80a8c192ce8787a4bf767e9b1a0ae60ba4cb77b88522a78e6d876fd5eb10d1eeffa8edfb99e5db82fbbdf586ac4f16af14bbbec5a95387a233f68b81254853de

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      34d281dc1cf62696c6d3b5897243aabc

    • Size

      5.0MB

    • MD5

      34d281dc1cf62696c6d3b5897243aabc

    • SHA1

      b5e94cc591d9acd1f04e16d2af251553ee561e0c

    • SHA256

      b5248a20ec1173991c977fa52a8aebbae35f0123be80fe120e827cb0fb5d82cc

    • SHA512

      80a8c192ce8787a4bf767e9b1a0ae60ba4cb77b88522a78e6d876fd5eb10d1eeffa8edfb99e5db82fbbdf586ac4f16af14bbbec5a95387a233f68b81254853de

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3234) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1258) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

3
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks