Overview

overview

10

Static

static

75bd0b8e4c...64.dll

windows7-x64

10

75bd0b8e4c...64.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75bd0b8e4cd2bfcdca7271eaf6669564

  • Size

    5.0MB

  • Sample

    220720-dhcl6abgeq

  • MD5

    75bd0b8e4cd2bfcdca7271eaf6669564

  • SHA1

    90d196a866208e23a01b6878d19fc1036e57ebb8

  • SHA256

    786bee98d3899dd8d10e7da19c1f1232721946e235d60f7ae023b0c0832501c6

  • SHA512

    12aef2c729e2cfbbc241027d370300f85bd97d52e2e1dbc960f39f7f2c31dd4fdab561fc5b1e3a38d9b018d7ec33e8a499879573c065652ba6be096aeaaa945b

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      75bd0b8e4cd2bfcdca7271eaf6669564

    • Size

      5.0MB

    • MD5

      75bd0b8e4cd2bfcdca7271eaf6669564

    • SHA1

      90d196a866208e23a01b6878d19fc1036e57ebb8

    • SHA256

      786bee98d3899dd8d10e7da19c1f1232721946e235d60f7ae023b0c0832501c6

    • SHA512

      12aef2c729e2cfbbc241027d370300f85bd97d52e2e1dbc960f39f7f2c31dd4fdab561fc5b1e3a38d9b018d7ec33e8a499879573c065652ba6be096aeaaa945b

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3161) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1258) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

3
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks