Overview

overview

10

Static

static

3

4db15fcfcd...cs.dll

windows7-x64

10

4db15fcfcd...cs.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4db15fcfcdc14f7f6d5e8f0dff781a70_NeikiAnalytics.exe

  • Size

    5.0MB

  • Sample

    240529-kqaabshb31

  • MD5

    4db15fcfcdc14f7f6d5e8f0dff781a70

  • SHA1

    5d9afa34592c62e887e4054294179b6092b21ecb

  • SHA256

    b0698fea05357ffed6aa4e1094906abdd0cbce9045c78f5dac75de2e2a457bba

  • SHA512

    2b5ba5433f120686a3f47ea129056ce3f5544d25cc6c2eb1ef534a382bfc7ce723d314908c6491ed256fae6d48221b8ca19d96f4a0c4410b1a3de927f4e4c279

  • SSDEEP

    12288:/WbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+D3f:ObLgddQhfdmMSirYbcMNgef0s

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      4db15fcfcdc14f7f6d5e8f0dff781a70_NeikiAnalytics.exe

    • Size

      5.0MB

    • MD5

      4db15fcfcdc14f7f6d5e8f0dff781a70

    • SHA1

      5d9afa34592c62e887e4054294179b6092b21ecb

    • SHA256

      b0698fea05357ffed6aa4e1094906abdd0cbce9045c78f5dac75de2e2a457bba

    • SHA512

      2b5ba5433f120686a3f47ea129056ce3f5544d25cc6c2eb1ef534a382bfc7ce723d314908c6491ed256fae6d48221b8ca19d96f4a0c4410b1a3de927f4e4c279

    • SSDEEP

      12288:/WbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+D3f:ObLgddQhfdmMSirYbcMNgef0s

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3257) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks