General

  • Target

    3df6e06d7f6270903dda0e9e0da7ff6e

  • Size

    5MB

  • Sample

    220908-ym3z5acghk

  • MD5

    3df6e06d7f6270903dda0e9e0da7ff6e

  • SHA1

    29dcb3b3b9f9e5f6679ba6fa32531d4d92f567fb

  • SHA256

    51c5225c4bf368296754697e310f1583300b5e85748be40dca5ff5647df4f8dc

  • SHA512

    0cf97a1361b5b73569c4497958091b298c2c29c85ad734078165fbe0cb86c9776bd33463dbd7ecda8d147544d771b1ca6b8751bfc8135cb70eb257f211de3e94

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3301) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1270) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation