General

  • Target

    1660afa6704de7febc3a0d177aa2ed1e

  • Size

    3MB

  • Sample

    220906-1ewbesadd9

  • MD5

    1660afa6704de7febc3a0d177aa2ed1e

  • SHA1

    fa4804674193a4c9a5b55fbf9aea55d060e7a7c5

  • SHA256

    c4864b9cd0e9d0cf393b0da8126ba7928c3e1a2f7dc2bfdaf463086c1a079b6e

  • SHA512

    8733e67795ba1ab89190b3dba8cf545ec48c61ef5062bcc8782e8e1ff523314bcd47e06858bf808310debb10163922b39f448ab75c8b6e9e1a140d15b512b602

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3367) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (850) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation