General

  • Target

    34881d8425c4344ef20acea47336e89a

  • Size

    3MB

  • Sample

    220920-ved49adhe8

  • MD5

    34881d8425c4344ef20acea47336e89a

  • SHA1

    00a4da44c4dfe13124198e914e5a8a7bbe4dcd15

  • SHA256

    c712ab1138d0dbccc4857d5b285ae54d75dd109452c22ad661b8869c5b9bbddf

  • SHA512

    9e4f32f17b097a241c86ca756b526bf98afb0728ccfc710edcca97955a253db59a53c4d143d2738b4cf7915404523e7958f7f9a85d03f8ac70e1df6f66f17639

Malware Config

Targets

    • Target

      34881d8425c4344ef20acea47336e89a

    • Size

      3MB

    • MD5

      34881d8425c4344ef20acea47336e89a

    • SHA1

      00a4da44c4dfe13124198e914e5a8a7bbe4dcd15

    • SHA256

      c712ab1138d0dbccc4857d5b285ae54d75dd109452c22ad661b8869c5b9bbddf

    • SHA512

      9e4f32f17b097a241c86ca756b526bf98afb0728ccfc710edcca97955a253db59a53c4d143d2738b4cf7915404523e7958f7f9a85d03f8ac70e1df6f66f17639

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3304) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1247) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation