Overview

overview

10

Static

static

9c27887058...94.dll

windows7-x64

10

9c27887058...94.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c27887058bdc8efa7761da28e613994

  • Size

    5.0MB

  • Sample

    220720-bz9bcaabd4

  • MD5

    9c27887058bdc8efa7761da28e613994

  • SHA1

    01be4b3c0fd62ff481450e646453d4e3651b5713

  • SHA256

    121185201c29380e366cdee4e00038fd7aedb191e67498ba97bf85c16e39db6c

  • SHA512

    59c6f7a6f592db777d7802faeef6f3507f4c7d4db9ea2edf4cd685d7220e0c5238cb7fa27b8bce3a2fa87a3fbd8caf4a510bb28efee0a9a0f4df593355ea2d7a

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      9c27887058bdc8efa7761da28e613994

    • Size

      5.0MB

    • MD5

      9c27887058bdc8efa7761da28e613994

    • SHA1

      01be4b3c0fd62ff481450e646453d4e3651b5713

    • SHA256

      121185201c29380e366cdee4e00038fd7aedb191e67498ba97bf85c16e39db6c

    • SHA512

      59c6f7a6f592db777d7802faeef6f3507f4c7d4db9ea2edf4cd685d7220e0c5238cb7fa27b8bce3a2fa87a3fbd8caf4a510bb28efee0a9a0f4df593355ea2d7a

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (2849) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1213) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks