General

  • Target

    8f6674a374929107694ff0cde660cc71

  • Size

    5.0MB

  • Sample

    220720-h8ypjadah5

  • MD5

    8f6674a374929107694ff0cde660cc71

  • SHA1

    8f0abe81d44e751036f2b7ef53156ed6ac124698

  • SHA256

    4d53e7efd90949d6b5de306f3559dea713b9ecd1642966bba24b631743eb5d31

  • SHA512

    55277401f3776c1aba557df1f7d51e555ba8f66e3ad3d0dc575ebc1fbc8c4682b7c16a832d21e36aa32df4a72726745f58a326e8e95c9b63dcff8fe86ffb4d20

Malware Config

Targets

    • Target

      8f6674a374929107694ff0cde660cc71

    • Size

      5.0MB

    • MD5

      8f6674a374929107694ff0cde660cc71

    • SHA1

      8f0abe81d44e751036f2b7ef53156ed6ac124698

    • SHA256

      4d53e7efd90949d6b5de306f3559dea713b9ecd1642966bba24b631743eb5d31

    • SHA512

      55277401f3776c1aba557df1f7d51e555ba8f66e3ad3d0dc575ebc1fbc8c4682b7c16a832d21e36aa32df4a72726745f58a326e8e95c9b63dcff8fe86ffb4d20

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3273) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1305) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks