General

  • Target

    1457da48cd8b51b54792cf4d13175eb8

  • Size

    3MB

  • Sample

    221004-x4lazacbb4

  • MD5

    1457da48cd8b51b54792cf4d13175eb8

  • SHA1

    0061904369080aa7bd20b87fde01cc940ec0935a

  • SHA256

    50864f4e4f20010e4066d74bebb4fb95d178ac965b2d1a04766a935d7f4b18ba

  • SHA512

    1874aee2b626473b3729c6b71c70b62e836adc81a9848e140c478971f47991b90f40c4cc866fc1ef4c57d5d7a7e422514c9bcd82e1c0e2a66d1bc9cb4089151c

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2865) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1299) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation