Overview

overview

10

Static

static

5c7ccee392...aa.dll

windows7-x64

10

5c7ccee392...aa.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c7ccee392be19a1410dd69479bb9aaa

  • Size

    5.0MB

  • Sample

    220720-back3sadem

  • MD5

    5c7ccee392be19a1410dd69479bb9aaa

  • SHA1

    b35778532b222a35147c77a7a4497a236793815b

  • SHA256

    f72611c5668e9ea1177f96b11318d74b446eaba038723226d0b9d02173f00086

  • SHA512

    63d2670b01294ba10e9047f8de06a3c0a8ce04eaae8738577214164b5cb625a45fdec41a2750f088c3c05da38673473678b6ae5d71002d60a943344bb30810cc

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      5c7ccee392be19a1410dd69479bb9aaa

    • Size

      5.0MB

    • MD5

      5c7ccee392be19a1410dd69479bb9aaa

    • SHA1

      b35778532b222a35147c77a7a4497a236793815b

    • SHA256

      f72611c5668e9ea1177f96b11318d74b446eaba038723226d0b9d02173f00086

    • SHA512

      63d2670b01294ba10e9047f8de06a3c0a8ce04eaae8738577214164b5cb625a45fdec41a2750f088c3c05da38673473678b6ae5d71002d60a943344bb30810cc

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3092) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1266) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks