General

  • Target

    73a745cd7a35f81f7ca9d7d81ba40e1c

  • Size

    4MB

  • Sample

    220908-yea95sffb8

  • MD5

    73a745cd7a35f81f7ca9d7d81ba40e1c

  • SHA1

    5c0e4eb81186b7b3f3bf1b145fa757d6d88e1c42

  • SHA256

    ae29fa6590365573a80499fe19d125d8bd48f6f9096e2b1311b76a694cd6c2bb

  • SHA512

    2398c808b919efa10fe50925e75c0518299f226bfc92e9b1a33a8f512b3e6a760416d988b5e2e50e224c2e7e6cc84b980fba650840e9225406dbb24a6f9a04d6

Malware Config

Targets

    • Target

      73a745cd7a35f81f7ca9d7d81ba40e1c

    • Size

      4MB

    • MD5

      73a745cd7a35f81f7ca9d7d81ba40e1c

    • SHA1

      5c0e4eb81186b7b3f3bf1b145fa757d6d88e1c42

    • SHA256

      ae29fa6590365573a80499fe19d125d8bd48f6f9096e2b1311b76a694cd6c2bb

    • SHA512

      2398c808b919efa10fe50925e75c0518299f226bfc92e9b1a33a8f512b3e6a760416d988b5e2e50e224c2e7e6cc84b980fba650840e9225406dbb24a6f9a04d6

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2507) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1297) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation