General

  • Target

    13c7fb6f6c12ee3836597de550c6d7e1

  • Size

    5.0MB

  • Sample

    220823-ydmlsaafer

  • MD5

    13c7fb6f6c12ee3836597de550c6d7e1

  • SHA1

    c11f11477b455c0e0de8f3149d4ea282f2ba91d2

  • SHA256

    a195894f36cd964742a6f4b3f779bb24069c12583a37cd8fce2cb27f238ebb2b

  • SHA512

    c9c2e17ad541832da04bac4a87928c0bbfb8a4b5fd7da7ac7b387348677dfc34cdf3ef2bebaa3d3a505c990cb71810a27e23d66582d67cf032cd8c3c44de0835

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INx+TSqTdXh6SAA:+DqPoBhz1axcSUn6SA

Malware Config

Targets

    • Target

      13c7fb6f6c12ee3836597de550c6d7e1

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3117) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1278) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Network Service Scanning

3
T1046

Tasks