Overview

overview

10

Static

static

148c53e6e8...0f.dll

windows7-x64

10

148c53e6e8...0f.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    148c53e6e824ea02536573145e9a280f

  • Size

    5.0MB

  • Sample

    220720-bqnchsaaf7

  • MD5

    148c53e6e824ea02536573145e9a280f

  • SHA1

    2d2506b815ffddf5100a04ecf820c2367f066534

  • SHA256

    d357d032ff72e7ccf7b757f023adb1efee5224a1a6cb88a9d04a75c71869c83f

  • SHA512

    0386866d02b44217237e5810e1b7665cdf874b6d53c04b4883913aec628ce28c3278cf6871ae6e63f9451436935324b2b902f3eade36fcf3d7e5d7622a4bf9d9

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      148c53e6e824ea02536573145e9a280f

    • Size

      5.0MB

    • MD5

      148c53e6e824ea02536573145e9a280f

    • SHA1

      2d2506b815ffddf5100a04ecf820c2367f066534

    • SHA256

      d357d032ff72e7ccf7b757f023adb1efee5224a1a6cb88a9d04a75c71869c83f

    • SHA512

      0386866d02b44217237e5810e1b7665cdf874b6d53c04b4883913aec628ce28c3278cf6871ae6e63f9451436935324b2b902f3eade36fcf3d7e5d7622a4bf9d9

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3119) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1270) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks