General

  • Target

    2f6cfb7f48e804959628066fb7469617

  • Size

    3MB

  • Sample

    221004-x4tmcacbb9

  • MD5

    2f6cfb7f48e804959628066fb7469617

  • SHA1

    cde854383d4d04560c2696f61672f24f111511ee

  • SHA256

    67bfe3dffaa83f835b6ca8dd49d0c990a89cd518700830e7263cc7351329a13c

  • SHA512

    03430666f1c2e10738e9df781674a657a2c059f426e640bb02ad3dea10e5bc1104f5af79c4762a71f7760ba617d94bf931a4fedab4a2bb0270c6685707f18a29

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2108) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1029) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation