General

  • Target

    0b332e6ac79094a04d9825f86c9a663e53e936fd835edcef1e29b422132f6590.dll

  • Size

    5MB

  • Sample

    220921-efmj1saebn

  • MD5

    008b9895ed29a02b2ad9c15d10fe250c

  • SHA1

    6dba81733aa199fd64dcfbb17e43d1a575a02086

  • SHA256

    0b332e6ac79094a04d9825f86c9a663e53e936fd835edcef1e29b422132f6590

  • SHA512

    3deeeaa92cb98ce7fcca23a30fe08834c10af7e13b7ab8cbdceaa23408798a9dbf94cd4e3eecc25123abd93fbad8759a3c772d30bcffb34b1cb48ac39f8e0aea

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3031) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1290) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation