General

  • Target

    8b8aba412ea28b2a7d3d8a167336e576

  • Size

    5.0MB

  • Sample

    220720-h4cw9sdecj

  • MD5

    8b8aba412ea28b2a7d3d8a167336e576

  • SHA1

    521dcf594e65f9f755f5f56021a8b0e4cd224624

  • SHA256

    632533f6fd9c4096f0d985c88aa862aa21df97e95da6e7edc0566ec17605f330

  • SHA512

    e82df04a86b89ba1fc9306b592d5792e0dcd0f06558d274a07edb8a3dc064d23a65f7c73a9b5eb6f5984142ca80f7f065fad91f46575a5d492833ff70fdeee42

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3059) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1291) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
