General

  • Target

    be1fc4c26ca89d936674870bf9ec9a6c

  • Size

    4MB

  • Sample

    220823-yccp7aafcm

  • MD5

    be1fc4c26ca89d936674870bf9ec9a6c

  • SHA1

    3c44b6e6c1645f6b3a98b03517d4a9de954a93a1

  • SHA256

    efcb6680db440ce21491a683e42d3bef7931279324608b7e490d361fbcb1084c

  • SHA512

    3468251776f3c9186ffb3dc6ef68916a0341fbf78a291b2148fb0b5ff7a39d117d254ad84f3b680c70614655f63564b0b7db1b553d1df3d123b066eaddd99ae9

  • SSDEEP

    98304:yDqPoBhFk36SAEdhvxWa9P593R8yAVp2H:yDqP2k3ZAEUadzR8yc4H

Malware Config

Targets

    • Target

      be1fc4c26ca89d936674870bf9ec9a6c

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3216) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1025) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation

Tasks