General

  • Target

    038dac20c4c9f9f8ea101b45348b7c0f

  • Size

    5.0MB

  • Sample

    220720-h8ddladefq

  • MD5

    038dac20c4c9f9f8ea101b45348b7c0f

  • SHA1

    71621491fccdedb382d195034629933774f97104

  • SHA256

    ba3d0c4601a1f63f83237cd782d3e991380410a11ddea7b7a36ed5d6205f7ec2

  • SHA512

    eca5b872c1fc146d5e5d7ce27705758a6929a0ae67c247ba9e98bf67cdf359f97ba1c6b966d177805960e81963d6c9518e396ec152adb3893c887c56555da5df

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3297) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1281) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
