General

  • Target

    f12b69c504464cc5443eb5ced38b690b

  • Size

    3MB

  • Sample

    220908-yarfkacfel

  • MD5

    f12b69c504464cc5443eb5ced38b690b

  • SHA1

    40d08fe240c6dca35bab10eb630397919a9b5a88

  • SHA256

    78bbe4a65e13a06df5ae05c158aeec7c0ed7883a62261a25c63673c600047d4c

  • SHA512

    be9e2fa92d379baa6cb92dd064ffd1c6c3ce360f75adcbe205aebb2c112d14b88da834d94b21bc2007aecff12d2eb04f378d80eb21be4563093121702ec70c5c

Malware Config

Targets

    • Target

      f12b69c504464cc5443eb5ced38b690b

    • Size

      3MB

    • MD5

      f12b69c504464cc5443eb5ced38b690b

    • SHA1

      40d08fe240c6dca35bab10eb630397919a9b5a88

    • SHA256

      78bbe4a65e13a06df5ae05c158aeec7c0ed7883a62261a25c63673c600047d4c

    • SHA512

      be9e2fa92d379baa6cb92dd064ffd1c6c3ce360f75adcbe205aebb2c112d14b88da834d94b21bc2007aecff12d2eb04f378d80eb21be4563093121702ec70c5c

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3238) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1258) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation