Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-09-2022 19:44

General

  • Target

    dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe

  • Size

    3.6MB

  • MD5

    dc8b8f9c21e7fd8cf6e2253fbc0a5cf1

  • SHA1

    4b180b7f6271b9dc320bf65bfa6cf0b62f1ae2ce

  • SHA256

    809d539257b48fd3b42a4d5a5a992f32938555415e806e49c6910abaa39e2151

  • SHA512

    5d27e3c019dc8ea9e6de4ae78121c7d9cf3b9766aca1a2fb3488e10551c2a35af095ba8b52188606f01c691d8bb4c17d4a2de86f3cfc28558c7f08d82e673c31

  • SSDEEP

    98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2:Z8qPe1Cxcxk3ZAEUadzR8yc4

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm: it encrypts files on the host and propagates on its own over the network. The dropped C:\WINDOWS\tasksche.exe is the encryption payload, and the network-scanning signatures below (mapped to T1046) are the propagation attempt observed in this run.

  • Contacts a large number (3303) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE (1 IoC)
  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe
    "C:\Users\Admin\AppData\Local\Temp\dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe"
    PID:2416
    • Drops file in Windows directory
    • Child: C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      PID:4544
      • Executes dropped EXE
  • C:\Users\Admin\AppData\Local\Temp\dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe
    C:\Users\Admin\AppData\Local\Temp\dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe -m security
    PID:4652
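The three behaviours the report records (known-bad hashes, the tasksche.exe /i drop-and-execute chain plus the "-m security" relaunch of the sample, and the fan-out to thousands of hosts that triggers the T1046 signatures) can be turned into host- and network-side checks. The script below is an added example written for this page, not part of the sandbox report or of any vendor tooling. The SHA256 values and PIDs are copied from the report; the event field names (pid, ppid, image, cmdline), the parent PIDs, the flow tuples, the 445/tcp port, and the 50-hosts-per-60-seconds threshold are assumptions, and all sample data is constructed.

```python
"""Checks derived from the behaviours in this sandbox report (added example).

1. hash lookup against the two SHA256 IoCs the report lists,
2. process-tree pattern: C:\\Windows\\tasksche.exe launched with /i, and the
   sample relaunched with "-m security",
3. T1046-style fan-out: one source opening flows to many distinct hosts on
   one port inside a short window (assumed: 445/tcp, 50 hosts in 60 s).
All input below is constructed sample data, not real telemetry.
"""
from collections import defaultdict

# SHA256 values copied from the report; labels are ours.
REPORT_IOCS = {
    "809d539257b48fd3b42a4d5a5a992f32938555415e806e49c6910abaa39e2151":
        "dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe (submitted sample)",
    "14f7a0848d1c1c4ceec1d74914a08ba3393d407bad49fb3af0747c65d1f4a21d":
        "C:\\Windows\\tasksche.exe (dropped payload)",
}


def match_hashes(observed):
    """Return {sha256: label} for each observed hash that is a report IoC."""
    return {h.lower(): REPORT_IOCS[h.lower()]
            for h in observed if h.lower() in REPORT_IOCS}


def find_wannacry_process_chain(events):
    """events: dicts with pid, ppid, image, cmdline (Sysmon EID 1-like, assumed).
    Returns (pattern, pid, detail) tuples for the two patterns in the tree above."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        img = e["image"].lower()
        cmd = e["cmdline"].lower()
        if img.endswith("\\windows\\tasksche.exe") and " /i" in cmd:
            parent = by_pid.get(e["ppid"])
            hits.append(("tasksche_install", e["pid"],
                         parent["image"] if parent else None))
        if cmd.endswith(" -m security"):
            hits.append(("service_mode_relaunch", e["pid"], e["image"]))
    return hits


def detect_service_scan(flows, port=445, threshold=50, window=60.0):
    """flows: iterable of (ts_seconds, src, dst, dport).
    Returns {src: max distinct destinations on `port` seen within any
    `window`-second span} for sources at or above `threshold`."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, items in per_src.items():
        items.sort()
        seen, j, best = defaultdict(int), 0, 0
        for i in range(len(items)):            # items[i] is the left edge
            while j < len(items) and items[j][0] <= items[i][0] + window:
                seen[items[j][1]] += 1         # grow window to the right
                j += 1
            best = max(best, len(seen))
            seen[items[i][1]] -= 1             # drop the left edge
            if seen[items[i][1]] == 0:
                del seen[items[i][1]]
        if best >= threshold:
            alerts[src] = best
    return alerts


# --- constructed sample input -------------------------------------------
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\dc8b8f9c21e7fd8cf6e2253fbc0a5cf1.exe"
SAMPLE_EVENTS = [  # PIDs from the report; ppids 1000/700 are made up
    {"pid": 2416, "ppid": 1000, "image": DROPPER, "cmdline": f'"{DROPPER}"'},
    {"pid": 4544, "ppid": 2416, "image": r"C:\WINDOWS\tasksche.exe",
     "cmdline": r"C:\WINDOWS\tasksche.exe /i"},
    {"pid": 4652, "ppid": 700, "image": DROPPER, "cmdline": f"{DROPPER} -m security"},
]
# infected host 10.0.0.5 sweeps 120 hosts on 445 in 30 s; 10.0.0.9 is benign
SAMPLE_FLOWS = [(0.25 * k, "10.0.0.5", f"10.0.1.{k}", 445) for k in range(1, 121)]
SAMPLE_FLOWS += [(5.0 + k, "10.0.0.9", f"10.0.2.{k}", 445) for k in range(1, 4)]
SAMPLE_HASHES = ["14F7A0848D1C1C4CEEC1D74914A08BA3393D407BAD49FB3AF0747C65D1F4A21D",
                 "00" * 32]

if __name__ == "__main__":
    print(match_hashes(SAMPLE_HASHES))
    print(find_wannacry_process_chain(SAMPLE_EVENTS))
    print(detect_service_scan(SAMPLE_FLOWS))
```

The flow check is the part worth tuning: the sandbox saw 3303 hosts in about 150 seconds, so any reasonable threshold fires, but on a real network the window and count should sit above what backup agents and vulnerability scanners legitimately do, and those sources should be allow-listed rather than the threshold raised.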

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    Network Service Scanning, T1046 (2 signatures)

Downloads

  • C:\Windows\tasksche.exe

    Filesize
    3.4MB

    MD5
    71314dcf5eac4d8a1d21754f1f310b94

    SHA1
    e6a1db906604a7034853c818ee6d999eb5ad7eb4

    SHA256
    14f7a0848d1c1c4ceec1d74914a08ba3393d407bad49fb3af0747c65d1f4a21d

    SHA512
    a1accd4490dba5525b822993012a8fd581f9bc2789e3c420bfce6993ded6394135f6876f5ab1954041d344d0f1c603a48424e3311b81b9302fab0b9ae82270f3