General

  • Target

    7a2e99b30688926c036b868dfc04325c

  • Size

    5.0MB

  • Sample

    220720-h8ddladag8

  • MD5

    7a2e99b30688926c036b868dfc04325c

  • SHA1

    94723f232b9f9ac15d7716aca701576b1c3d0923

  • SHA256

    23186cfe15014b424b3b12fb769998d21c24634f0998b74057a57fdd27a11f45

  • SHA512

    549dad4c798f6f8b14431fcf903bee6cd171b7837eb49d8708c3c73484d313bb6a88a20fea34aa31d93365e4afc712e01a7b7d4b4e7024fba7513c48787da8ac

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3263) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1017) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
