General

  • Target

    7fe57d75b78ad5416b67427cb8df6426

  • Size

    3MB

  • Sample

    221004-x5hw8sceap

  • MD5

    7fe57d75b78ad5416b67427cb8df6426

  • SHA1

    0a29283acc239c21352af85f7f26a1e1d441fbba

  • SHA256

    9f9ad86b5522fbc4989c3a8147ad755f3d6ca7689fea82d730d71fcfce4b8270

  • SHA512

    7a3523a03f41123c88570e4e89d20b6674952aff0c86f8f85208460786e509af624f12c95556b948007f5590de6640d52387bc04bd3c499344694c294c6cc340

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2960) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1306) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation