Overview

overview

10

Static

static

1f0e544552...46.dll

windows7-x64

10

1f0e544552...46.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f0e54455209d879b8d4a9b06ee00746

  • Size

    5.0MB

  • Sample

    220720-beydcahhh2

  • MD5

    1f0e54455209d879b8d4a9b06ee00746

  • SHA1

    32b59f3433af3d34e9cbf01646981748f7e4a3f4

  • SHA256

    0f1516a8c0600c59defcf96c87c27de6a81e732ecb2f64b5e48904c31ab2cbb2

  • SHA512

    7610c74439843fff55777ed65e97838bc086c0bec432f701c978c6a84142ede788da5b68ac81534aa327047641df300d780d7fe70ae22ed2c4eff921f00290b7

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      1f0e54455209d879b8d4a9b06ee00746

    • Size

      5.0MB

    • MD5

      1f0e54455209d879b8d4a9b06ee00746

    • SHA1

      32b59f3433af3d34e9cbf01646981748f7e4a3f4

    • SHA256

      0f1516a8c0600c59defcf96c87c27de6a81e732ecb2f64b5e48904c31ab2cbb2

    • SHA512

      7610c74439843fff55777ed65e97838bc086c0bec432f701c978c6a84142ede788da5b68ac81534aa327047641df300d780d7fe70ae22ed2c4eff921f00290b7

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3286) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1244) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

3
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks