General

  • Target

    c627a3087882305a308806c37c86758102f1a0f670abd8318d9988d4ec34aca6.exe

  • Size

    5.0MB

  • Sample

    221011-j3vlcsdgbq

  • MD5

    14baa82b3b48237395b7f0b43927229f

  • SHA1

    99b382b9b239db3a3a0cc34ade673d6071b773d8

  • SHA256

    c627a3087882305a308806c37c86758102f1a0f670abd8318d9988d4ec34aca6

  • SHA512

    2819aa2a242abd57db7580e6f03098f0555ea2410be65dca0780fc9dc20f2989d43670905fd58458e99018ac12dc4fb773e5e586b5da960c25fb8bc80b3627ca

  • SSDEEP

    98304:yDqPoBhz1aRxcSUDk36SAEdhvxWa9P5N:yDqPe1Cxcxk3ZAEUadT

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3346) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1065) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Network Service Scanning

3
T1046
