General

  • Target

    9c412bf568f77c36bc59106075eb8731

  • Size

    3MB

  • Sample

    220906-1e1k5sade4

  • MD5

    9c412bf568f77c36bc59106075eb8731

  • SHA1

    0736ca250488a5a49f1c5e60ce108c71759a106a

  • SHA256

    2f89c7a58b759c412a40981c8183a178412dfe439888c1d04cf1123de7a27ac3

  • SHA512

    eb13a4e7f65fb6249c00ff86237395a6124b2e5f8d914730791101306ebabf5ef1a980c6f398a230a491c21a2b4db5ba909351573f8ffc384eceb98a34343f55

Malware Config

Targets

    • Target

      9c412bf568f77c36bc59106075eb8731

    • Size

      3MB

    • MD5

      9c412bf568f77c36bc59106075eb8731

    • SHA1

      0736ca250488a5a49f1c5e60ce108c71759a106a

    • SHA256

      2f89c7a58b759c412a40981c8183a178412dfe439888c1d04cf1123de7a27ac3

    • SHA512

      eb13a4e7f65fb6249c00ff86237395a6124b2e5f8d914730791101306ebabf5ef1a980c6f398a230a491c21a2b4db5ba909351573f8ffc384eceb98a34343f55

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (1171) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation