General

  • Target

    bbc4e7f739d9e7f38a343fc018bf5df9d654ed1a52dcaf00b6cc6cfdc8b18cbd.exe

  • Size

    3MB

  • Sample

    221010-nhp8csbggl

  • MD5

    797d5d31c4e6c1accb2cbfddec8d66b9

  • SHA1

    dd5d04b01214dffdd75c575eefd342026c66a39d

  • SHA256

    bbc4e7f739d9e7f38a343fc018bf5df9d654ed1a52dcaf00b6cc6cfdc8b18cbd

  • SHA512

    ec26bd4120474d5a996a61c202befb548b5add6ac933986f6a992d050f00ccc3ebe49d19dc6946479da5605067df7b02f26f56e64855b029721f8789ae563e42

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9ZI:yDqPoBhz1aRxcSUDk36SAEdhvxWa9ZI

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3198) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1244) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks