Overview

overview

10

Static

static

4880cc5c50...f9.dll

windows7-x64

10

4880cc5c50...f9.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4880cc5c5074c2f58a770c3a292384f9

  • Size

    5.0MB

  • Sample

    220720-cazlaaaggj

  • MD5

    4880cc5c5074c2f58a770c3a292384f9

  • SHA1

    c63ae9a8f1013675ff914b88d257e18bdbac7181

  • SHA256

    eac6b0bbe69ef8c0dc8e36cbff6d5c2a7cb4d662f4d88e5bc8b596b2275d694b

  • SHA512

    914435ff0b3f04c0451bee6aed3b3101f1f89f82cb50c15ee4cddab5716a0a7444ab31afc03103d0d4b0d18467399b3dfc1543749129c3cb7c353db91abda168

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      4880cc5c5074c2f58a770c3a292384f9

    • Size

      5.0MB

    • MD5

      4880cc5c5074c2f58a770c3a292384f9

    • SHA1

      c63ae9a8f1013675ff914b88d257e18bdbac7181

    • SHA256

      eac6b0bbe69ef8c0dc8e36cbff6d5c2a7cb4d662f4d88e5bc8b596b2275d694b

    • SHA512

      914435ff0b3f04c0451bee6aed3b3101f1f89f82cb50c15ee4cddab5716a0a7444ab31afc03103d0d4b0d18467399b3dfc1543749129c3cb7c353db91abda168

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3234) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1127) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks