Overview

overview

10

Static

static

43b8bb691f...cb.dll

windows7-x64

10

43b8bb691f...cb.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43b8bb691f84c4ec8b4030f251681bcb

  • Size

    5.0MB

  • Sample

    220720-bhsl9saecr

  • MD5

    43b8bb691f84c4ec8b4030f251681bcb

  • SHA1

    088dcb05085bd3228f55c0feb15d5ace31ca4ad8

  • SHA256

    1616ac5ea843d3c16cc332eef4b910fddf5cab1c9f6e98fe17a87bbf8f3c15ce

  • SHA512

    60f904f3dfceb48ae2479f4866d55e575091f70de622c78a1e15fa4fb5b293e5951822c936f0dc867c92472aba26a74d6c437299be7854badfb4d0030018887b

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      43b8bb691f84c4ec8b4030f251681bcb

    • Size

      5.0MB

    • MD5

      43b8bb691f84c4ec8b4030f251681bcb

    • SHA1

      088dcb05085bd3228f55c0feb15d5ace31ca4ad8

    • SHA256

      1616ac5ea843d3c16cc332eef4b910fddf5cab1c9f6e98fe17a87bbf8f3c15ce

    • SHA512

      60f904f3dfceb48ae2479f4866d55e575091f70de622c78a1e15fa4fb5b293e5951822c936f0dc867c92472aba26a74d6c437299be7854badfb4d0030018887b

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3240) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1271) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks