General

  • Target

    b562c6ed92797b8227b94d4f6aed36dd

  • Size

    3MB

  • Sample

    220908-ykbsvsffg2

  • MD5

    b562c6ed92797b8227b94d4f6aed36dd

  • SHA1

    9c3bf8ecc5e2422ae51fe671b24281959b3d6bb3

  • SHA256

    194dd7372ab80502948532d6f99a461b5c6d98c34438d0b2618e2385c44ffde7

  • SHA512

    66e6ae549cdf4056096d0afb8de77ffe716ff75c411abc5b1be06c043250b9491fee766fa8668d8f51dc3b5ddc9fa2027434a3317f6d9b64d4af1cc0eea6d7a3

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3006) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1277) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation