Overview

overview

10

Static

static

675ca172a6...97.dll

windows7-x64

10

675ca172a6...97.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    675ca172a6c351db3f43d328c7347097

  • Size

    5.0MB

  • Sample

    220720-dk69jsbbh3

  • MD5

    675ca172a6c351db3f43d328c7347097

  • SHA1

    639f9b0451a766e08bcd2faa1de63c6be2032199

  • SHA256

    82c7db85257db40118096aeb119e12783109a38a07c16c621a6f9029dc2e45f9

  • SHA512

    fd59dc6ba85acb20cc7bd71d184c5b163be30712e120b3864df15775ed50bbdd79060b00921310d21556e692cef8ac1ad36945cb8ddc8c0d50a5c30fe3da8a57

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      675ca172a6c351db3f43d328c7347097

    • Size

      5.0MB

    • MD5

      675ca172a6c351db3f43d328c7347097

    • SHA1

      639f9b0451a766e08bcd2faa1de63c6be2032199

    • SHA256

      82c7db85257db40118096aeb119e12783109a38a07c16c621a6f9029dc2e45f9

    • SHA512

      fd59dc6ba85acb20cc7bd71d184c5b163be30712e120b3864df15775ed50bbdd79060b00921310d21556e692cef8ac1ad36945cb8ddc8c0d50a5c30fe3da8a57

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3227) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1253) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks