Overview

overview

10

Static

static

db190b2f9d...04.dll

windows7-x64

10

db190b2f9d...04.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db190b2f9dab5c1eae27e7ca6681a004

  • Size

    5.0MB

  • Sample

    220720-dcq8csbbb7

  • MD5

    db190b2f9dab5c1eae27e7ca6681a004

  • SHA1

    31c283fd95a17a9a3be9026a6b0842604167feea

  • SHA256

    15d8aec156cb496f76e9567747317c2bf9bcaa888caa85bea3addb2e409a43ad

  • SHA512

    13a0a5c9e8e57600035570ec18584716312de6754e08734e8f665c0b08942138cbe976e7324ebd987ff4f967f6d631f277cafd4e18dcf6230289e858b9cf65b4

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      db190b2f9dab5c1eae27e7ca6681a004

    • Size

      5.0MB

    • MD5

      db190b2f9dab5c1eae27e7ca6681a004

    • SHA1

      31c283fd95a17a9a3be9026a6b0842604167feea

    • SHA256

      15d8aec156cb496f76e9567747317c2bf9bcaa888caa85bea3addb2e409a43ad

    • SHA512

      13a0a5c9e8e57600035570ec18584716312de6754e08734e8f665c0b08942138cbe976e7324ebd987ff4f967f6d631f277cafd4e18dcf6230289e858b9cf65b4

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3133) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1119) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks