Overview

overview

10

Static

static

d9e7ce62b7...e8.dll

windows7-x64

10

d9e7ce62b7...e8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9e7ce62b7258aef0c08e810a63bc7e8

  • Size

    5.0MB

  • Sample

    220720-cplb7sbcbj

  • MD5

    d9e7ce62b7258aef0c08e810a63bc7e8

  • SHA1

    ca77890a7536ce156a68833bec24c53586dc540f

  • SHA256

    db36a6594df6e15f2fa17e3d9210cafca305d7dcd3ddf49e6cf9d171778b1c81

  • SHA512

    ebde982dda503923648782b558ea8e3d2ae9f4fb5d6cd5f27cc1f0d4f0c273486e50c9066a255db4e417d8cc1cab32862a17adaf3c1f0186cac66ab3eb8e93a4

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      d9e7ce62b7258aef0c08e810a63bc7e8

    • Size

      5.0MB

    • MD5

      d9e7ce62b7258aef0c08e810a63bc7e8

    • SHA1

      ca77890a7536ce156a68833bec24c53586dc540f

    • SHA256

      db36a6594df6e15f2fa17e3d9210cafca305d7dcd3ddf49e6cf9d171778b1c81

    • SHA512

      ebde982dda503923648782b558ea8e3d2ae9f4fb5d6cd5f27cc1f0d4f0c273486e50c9066a255db4e417d8cc1cab32862a17adaf3c1f0186cac66ab3eb8e93a4

    Score
    10/10
    wannacryransomwarewormdiscovery

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (2986) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks