Overview

overview

10

Static

static

8b2abbfef3...fa.dll

windows7-x64

10

8b2abbfef3...fa.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b2abbfef3b29b00800de344537eb9fa

  • Size

    5.0MB

  • Sample

    220720-bv9fjsafdp

  • MD5

    8b2abbfef3b29b00800de344537eb9fa

  • SHA1

    f3c952eebc98b005b959edd1dd1f11a1e6b35d80

  • SHA256

    9788bb4aa5832885b44033081fbf1e36cfb177f55c90b6e75eb7f60f35400c24

  • SHA512

    2f1c22dfe5f464bd94677c47ba0b1b45fb6014cb6d1bb454f92d511745f150be68901945723f838bb08bfcb1e4e858f08f9644090de0bcab05bc623ed6572eef

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      8b2abbfef3b29b00800de344537eb9fa

    • Size

      5.0MB

    • MD5

      8b2abbfef3b29b00800de344537eb9fa

    • SHA1

      f3c952eebc98b005b959edd1dd1f11a1e6b35d80

    • SHA256

      9788bb4aa5832885b44033081fbf1e36cfb177f55c90b6e75eb7f60f35400c24

    • SHA512

      2f1c22dfe5f464bd94677c47ba0b1b45fb6014cb6d1bb454f92d511745f150be68901945723f838bb08bfcb1e4e858f08f9644090de0bcab05bc623ed6572eef

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3108) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1230) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

3
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks