General

  • Target

    26b05a84c6458f1e070262e48c1d8d4e

  • Size

    5.0MB

  • Sample

    220720-h9h1gadehl

  • MD5

    26b05a84c6458f1e070262e48c1d8d4e

  • SHA1

    3bad7aeb78a59ccebb17b44fa4be91c4c999c95b

  • SHA256

    076b1affe407272a7e8c8437ded19b9e1e64aae1750c30bcce5e5f9a100bb442

  • SHA512

    20396d63a39663a3d7255b640260d8ed37697ad103a855f7a85e382feb5eb6e27c76159997dcc357ab2e23065f3f81dc43717437f94199f4606228110f0418f0

Malware Config

Targets

    • Target

      26b05a84c6458f1e070262e48c1d8d4e

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3335) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1005) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks