Malware Analysis Report

2024-10-19 07:30

Sample ID 240520-rd2mdadb37
Target wannacry-sample.exe
SHA256 07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd
Tags
wannacry ransomware worm
score
10/10

Analysis Overview

score
10/10

SHA256

07c44729e2c570b37db695323249474831f5861d45318bf49ccf5d2f5c8ea1cd

Threat Level: Known bad

The file wannacry-sample.exe was found to be: Known bad.

Malicious Activity Summary

wannacry ransomware worm

Wannacry

Executes dropped EXE

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Modifies data under HKEY_USERS

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-20 14:05

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-20 14:05

Reported

2024-05-20 14:06

Platform

win7-20240221-en

Max time kernel

35s

Max time network

35s

Command Line

"C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe"

Signatures

Wannacry

ransomware worm wannacry

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\WINDOWS\tasksche.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\WINDOWS\tasksche.exe | C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe

"C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe"

C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe

C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe -m security

C:\WINDOWS\tasksche.exe

C:\WINDOWS\tasksche.exe /i

Network

Country Destination Domain Proto

Files

C:\Windows\tasksche.exe

MD5 7f7ccaa16fb15eb1c7399d422f8363e8
SHA1 bd44d0ab543bf814d93b719c24e90d8dd7111234
SHA256 2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
SHA512 83e334b80de08903cfa9891a3fa349c1ece7e19f8e62b74a017512fa9a7989a0fd31929bf1fc13847bee04f2da3dacf6bc3f5ee58f0e4b9d495f4b9af12ed2b7

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-20 14:05

Reported

2024-05-20 14:06

Platform

win10v2004-20240508-en

Max time kernel

33s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe"

Signatures

Wannacry

ransomware worm wannacry

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\WINDOWS\tasksche.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\WINDOWS\tasksche.exe | C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe

"C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe"

C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe

C:\Users\Admin\AppData\Local\Temp\wannacry-sample.exe -m security

C:\WINDOWS\tasksche.exe

C:\WINDOWS\tasksche.exe /i

Network

Country Destination Domain Proto

Files

C:\Windows\tasksche.exe

MD5 7f7ccaa16fb15eb1c7399d422f8363e8
SHA1 bd44d0ab543bf814d93b719c24e90d8dd7111234
SHA256 2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
SHA512 83e334b80de08903cfa9891a3fa349c1ece7e19f8e62b74a017512fa9a7989a0fd31929bf1fc13847bee04f2da3dacf6bc3f5ee58f0e4b9d495f4b9af12ed2b7