Overview

overview

10

Static

static

14f964c2a2...76.dll

windows7-x64

10

14f964c2a2...76.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14f964c2a20d1e25ffc3457367909b76

  • Size

    5.0MB

  • Sample

    220720-dp7e4sbcb6

  • MD5

    14f964c2a20d1e25ffc3457367909b76

  • SHA1

    38095333280b2976026866ee9efd050cb1646b94

  • SHA256

    8984534b84ac860b4f2a8e99a6fe911b22cc21320ba1bb0c5a1bb1fd1d52bea1

  • SHA512

    e28c163a09be95d29fe126b4f3bd393b60c52e70400180479fd4c1551fcaf47a366e4a4a158979504431d60b3300285b8c2574d23742515aec7b6c7ff9871f91

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      14f964c2a20d1e25ffc3457367909b76

    • Size

      5.0MB

    • MD5

      14f964c2a20d1e25ffc3457367909b76

    • SHA1

      38095333280b2976026866ee9efd050cb1646b94

    • SHA256

      8984534b84ac860b4f2a8e99a6fe911b22cc21320ba1bb0c5a1bb1fd1d52bea1

    • SHA512

      e28c163a09be95d29fe126b4f3bd393b60c52e70400180479fd4c1551fcaf47a366e4a4a158979504431d60b3300285b8c2574d23742515aec7b6c7ff9871f91

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (2671) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (1310) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks