General

  • Target

    5449f3bb52d4ed570c9986fb1f735a7a

  • Size

    5.0MB

  • Sample

    220720-h7srwsdefl

  • MD5

    5449f3bb52d4ed570c9986fb1f735a7a

  • SHA1

    72dd6ec6b775760bec6d97555129f685b8c7a69c

  • SHA256

    303a93e18c5f8275e652e20f49fe1328bda2fe954e67ac7ccb3924e6d07470b8

  • SHA512

    1170e9720c37a8fa76868e72a79b7c34cdad68cb0303bc81d75df82eb2e92b0b5b2bd8d74138f78963795347cdb800c90f21088650c0be22d615aa3ab5cb84f2

Targets

    • Target

      5449f3bb52d4ed570c9986fb1f735a7a

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3236) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1290) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
