General

  • Target

    84099c2e3f641d8722d18d2b555948fe

  • Size

    3MB

  • Sample

    220906-1ext9aade2

  • MD5

    84099c2e3f641d8722d18d2b555948fe

  • SHA1

    846aa657b643666ab2843183b8fb60b4468b0e52

  • SHA256

    6cecf1c41be6009136c66398fb446ae287b91f4ef3bdd2d8f88dd151cb97b515

  • SHA512

    02a3491705f27551b40a6b4ebf08f460198024fd0844aff9c06e8a43bb632f075946b896131419e8079274e2bdadc8dc3b3c9c9e8df80191f8cc7271f424abca

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3222) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (957) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation