General

  • Target

    8c0c3bb9c1eb56c1ba024c2148e470399c93e03130a5ef6c04bae118b3daa239.exe

  • Size

    3MB

  • Sample

    221010-e3netsagfk

  • MD5

    4202af759ddd588df0a1d6b6ad1ee1bc

  • SHA1

    721b30790b26682fd3462527317fe817831743f2

  • SHA256

    8c0c3bb9c1eb56c1ba024c2148e470399c93e03130a5ef6c04bae118b3daa239

  • SHA512

    a9a001d8ad716f3747df6fd8a19b37e79af1dfeb716ab9530f021c3bffc6564784fa209d85376794eb232f9ff5a2bf9e5b4652261eebffd517cd3a30bae4b1b1

  • SSDEEP

    98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2f:yDqPe1Cxcxk3ZAEUadzR8yc4f

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3271) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (991) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection
    • Command and Control
    • Credential Access
    • Defense Evasion
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Persistence
    • Privilege Escalation
