Overview

overview

10

Static

static

a887a2a64f...90.dll

windows7-x64

10

a887a2a64f...90.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a887a2a64f99c94907f4c002c71a8890

  • Size

    5.0MB

  • Sample

    220720-bt5e7safcn

  • MD5

    a887a2a64f99c94907f4c002c71a8890

  • SHA1

    c6da5fe8653fc1a3bc3f13e1cbfa13eb58072e44

  • SHA256

    77e12c008e54a0bae4ef671851646d046c8bd5cac7be9c4d51a1c6826c4e39d1

  • SHA512

    db1f7d28c041e001ab502a2d4f518df6ab1dd05e6b2d70384e6679f33ab9d1308be62424a4dfab395295bda2c809526755311ad856c0a8b9976662363f7bd62b

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      a887a2a64f99c94907f4c002c71a8890

    • Size

      5.0MB

    • MD5

      a887a2a64f99c94907f4c002c71a8890

    • SHA1

      c6da5fe8653fc1a3bc3f13e1cbfa13eb58072e44

    • SHA256

      77e12c008e54a0bae4ef671851646d046c8bd5cac7be9c4d51a1c6826c4e39d1

    • SHA512

      db1f7d28c041e001ab502a2d4f518df6ab1dd05e6b2d70384e6679f33ab9d1308be62424a4dfab395295bda2c809526755311ad856c0a8b9976662363f7bd62b

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3122) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1229) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks