General

  • Target

    360e9afeb89571426b8f82d3c34b4046

  • Size

    5.0MB

  • Sample

    220720-h3s7vsdad3

  • MD5

    360e9afeb89571426b8f82d3c34b4046

  • SHA1

    3cc0548317729d168723a824c3ba6be3f617feb1

  • SHA256

    60a44dcf4c9a41135b71f0fe7cc9543afe016d0488b2dce52986f85020de6ebb

  • SHA512

    5b50e0c6d57d044673196f7b7fdc0cf4dac582e004a783418abd4b6380b395b2d476d818db9a7b0ef8b2e4d4a4e338ce41597750765d24c2ff214487a209b204

Malware Config

Targets

    • Target

      360e9afeb89571426b8f82d3c34b4046

    • Size

      5.0MB

    • MD5

      360e9afeb89571426b8f82d3c34b4046

    • SHA1

      3cc0548317729d168723a824c3ba6be3f617feb1

    • SHA256

      60a44dcf4c9a41135b71f0fe7cc9543afe016d0488b2dce52986f85020de6ebb

    • SHA512

      5b50e0c6d57d044673196f7b7fdc0cf4dac582e004a783418abd4b6380b395b2d476d818db9a7b0ef8b2e4d4a4e338ce41597750765d24c2ff214487a209b204

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3273) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1250) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks