General

  • Target

    8fd65b6b72a95cca4fd7c6cb235e5717

  • Size

    3MB

  • Sample

    220906-1dvy9sffdr

  • MD5

    8fd65b6b72a95cca4fd7c6cb235e5717

  • SHA1

    2c71773fbcc3f0a1b6c3ab4f95ae637f6f2f2aad

  • SHA256

    2b1c37c88951b7543ba52cc6351ab9509e939c6e38d927df3c342ad6f6158a59

  • SHA512

    40ddbb67f02556321c229682e0d5aaccab396fed20d9f977b2f93d4b7d70ce43485439f816e3bb7d00a5af521b3ce07df3ecc73b7860ca6824289fd918343928

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3163) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1248) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation