General

  • Target

    32d3a008f80dfb7337351c1fbbb902be

  • Size

    4MB

  • Sample

    220906-1e49bsade6

  • MD5

    32d3a008f80dfb7337351c1fbbb902be

  • SHA1

    b0d48f57a412ec3e893ef8c5904977113a420faa

  • SHA256

    a7254d36a87b0e187920a083ba9c6b01bb0822b12907622c7ae695357782cbc9

  • SHA512

    e2194083107e3ed9da56c4d1416baac00bee593cf24b4628ec05a2c611cdd5e18eb8c895517e07e6bf5966dae42ca097ea4de2a11435575d5157e36c0b6edcf5

Malware Config

Targets

    • Target

      32d3a008f80dfb7337351c1fbbb902be

    • Size

      4MB

    • MD5

      32d3a008f80dfb7337351c1fbbb902be

    • SHA1

      b0d48f57a412ec3e893ef8c5904977113a420faa

    • SHA256

      a7254d36a87b0e187920a083ba9c6b01bb0822b12907622c7ae695357782cbc9

    • SHA512

      e2194083107e3ed9da56c4d1416baac00bee593cf24b4628ec05a2c611cdd5e18eb8c895517e07e6bf5966dae42ca097ea4de2a11435575d5157e36c0b6edcf5

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3239) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1294) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation