General

  • Target

    77340dc229f913780359e4fdd1a3eda0

  • Size

    3MB

  • Sample

    220906-1ejmmaffgn

  • MD5

    77340dc229f913780359e4fdd1a3eda0

  • SHA1

    65c034159bd67657200ca8f29cd701b48f440681

  • SHA256

    15fa116185591a9ac8b8a1e1bd78f99220107073e01e3868da9c8ab4ad963f9d

  • SHA512

    d27c21706d5b4fe43df4f387cb4d9f72afe3486fcb3110844e5d8ed50ba5339e9fd32834ad79cf84077dfff48cfee2ff224777a24eedc7f617f94107f7844599

Malware Config

Targets

    • Target

      77340dc229f913780359e4fdd1a3eda0

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3285) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1285) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation