General

  • Target

    3beb8a3e32189c22dea897f8a1ae34ea

  • Size

    5.0MB

  • Sample

    220720-jbt6hsdbb7

  • MD5

    3beb8a3e32189c22dea897f8a1ae34ea

  • SHA1

    101609731c7fc179cd97237811ec73d1c58fc90b

  • SHA256

    063305b5396c457f97a8495acae31379e258a28184c2cea9e1a9d8fe0d10dbf2

  • SHA512

    dd92301e511663a5f9c448afaa58870a37938334f7a5573a970f9a5f4c4d4ac57590dd8abf07041ee0002524adb8ca38b95018d82922906c8e19305610b5b4c9

Targets

    • Target

      3beb8a3e32189c22dea897f8a1ae34ea

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3322) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1273) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
