General

  • Target

    de0159c19e4d80dacccb9d3d35afc985

  • Size

    5.0MB

  • Sample

    220720-h55cxadedp

  • MD5

    de0159c19e4d80dacccb9d3d35afc985

  • SHA1

    36b09936ebf285583b34df0f4d71bfefa6435a9c

  • SHA256

    df82e129ebc13794220d2fea676b609e559bcce92123a6bef73b3298e58e51a3

  • SHA512

    e48a832dbf0ce951996b6d0369f240f23e4cfd041027d331b3f2b1dfa9fee31876d3c9376f82344739fce47e239cf915d4fb8e139e737853966c2f4aa3546f52

Targets

    • Target

      de0159c19e4d80dacccb9d3d35afc985

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3136) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1248) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
