General

  • Target

    ca9a7b4335e93fcd9c860cbd66d7c296

  • Size

    4MB

  • Sample

    220920-vh8g9seaa3

  • MD5

    ca9a7b4335e93fcd9c860cbd66d7c296

  • SHA1

    87d4fd830bf34628dd5d6eae34f5fdfa75f05cb7

  • SHA256

    c81d368bfdb47c4f9f48ee4617c506dbf56a3a1b6806bad8f4ef353bcf863cc5

  • SHA512

    b8e111d4454e544e6f195285259818faa9595c32c6670c952191a102c21dfd08970dd11290f624cdbf354942a272592de9ff2a75c0e74b854189967457627433

Malware Config

Targets

    • Target

      ca9a7b4335e93fcd9c860cbd66d7c296

    • Size

      4MB

    • MD5

      ca9a7b4335e93fcd9c860cbd66d7c296

    • SHA1

      87d4fd830bf34628dd5d6eae34f5fdfa75f05cb7

    • SHA256

      c81d368bfdb47c4f9f48ee4617c506dbf56a3a1b6806bad8f4ef353bcf863cc5

    • SHA512

      b8e111d4454e544e6f195285259818faa9595c32c6670c952191a102c21dfd08970dd11290f624cdbf354942a272592de9ff2a75c0e74b854189967457627433

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3330) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1290) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation