Resubmissions

  • 10-10-2022 13:41

    221010-qzcdyacaa6 10

  • 10-10-2022 11:24

    221010-nhp8csbfb7 10

General

  • Target

    d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7.dll

  • Size

    5MB

  • Sample

    221010-qzcdyacaa6

  • MD5

    64f90ae0b16ad69df763d4172bf7b121

  • SHA1

    cd13b94c91bcc035464c28ca953b1fca990f59d5

  • SHA256

    d085c477ebf60d0deb312b8a1e3aa08a04c0a61acb6f8085463e3f230314edc7

  • SHA512

    4d3987cf1e8f6d19f9d7c2009a579deb4793bba89fa12087a865ab4638b20183068520e656d0573974fd8ff8cc6b555f1b6289251d0864852412b070590b88fe

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9Z:+DqPoBhz1aRxcSUDk36SAEdhvxWa9Z

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (1048) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks