General

  • Target

    eeeb5d6b6988737f21d5a7975fbbe8af

  • Size

    5.0MB

  • Sample

    220720-h9h1gadehk

  • MD5

    eeeb5d6b6988737f21d5a7975fbbe8af

  • SHA1

    f203edc0b5f1ddc11df005af1d3ab4e6136b1e3a

  • SHA256

    2be2dfe93bb30a0eb12d929cb865ac3cf65994e8381e295be3cfb7de3f8d2764

  • SHA512

    f6291be293cbf6a578b9f29565aab8754dddbb9df8f7528577fdfa10ad00950e3b929140c65562418cc6e41b310ccfec388128ccd6b9943636ce773fc8fc5fa7

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2669) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1014) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
