General

  • Target

    834389b39d5f26ab08bd160f9a102ec0

  • Size

    3MB

  • Sample

    221004-x5j5asceaq

  • MD5

    834389b39d5f26ab08bd160f9a102ec0

  • SHA1

    421afaca0623357c4ac0786ad3ad91df7428273e

  • SHA256

    5f8e1de744bccf4d649d5013fc8c5f2de42e8ca5eb99a541896e4f45844066eb

  • SHA512

    244fd59feca3048eac677b2c93f745bee3192d1a97efed079e7cedd716c62ae914aef405ff4e439ecab55a4f8729db7710e724898f5f9de32d3361a949450b5d

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2708) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1015) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation