General

  • Target

    87f80f62e4d7e3cdfa712fc109bc79a4

  • Size

    3MB

  • Sample

    220908-yd146sffb4

  • MD5

    87f80f62e4d7e3cdfa712fc109bc79a4

  • SHA1

    03abae660bf37cfbffae6d0e34c896fe3d5557d6

  • SHA256

    08986944b87cbbb7245a342f846dfb03534e749ed9ffd453babd4f9f7682f066

  • SHA512

    1da0fe361dcc17177d680e6922dcd26939a4c3df30ccb75310ed7be94e9c8172728949f5e489eeef583065e3fe7724317a71c527b436576b0527a0bd9e6566a6

Malware Config

Targets

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3272) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1284) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation