General

  • Target

    18932442412.zip

  • Size

    1.8MB

  • Sample

    240912-q8lnzaxdqq

  • MD5

    a08e70a0c0fe44de831ed484cd806198

  • SHA1

    2ccc8f141c28b6a88b482a3e554b5065f305501d

  • SHA256

    4d632d7dd2806ad482349ac76e483728c57336fd80dee9fe21474f56f71b6c3d

  • SHA512

    4533bdea178e1c35bd89b7dd1c4eca0f9fede954eb69940435a0bd123669953682de56b834c4711ff15563e0fad4fec8080d3a0a07d3044843a5ffac6381ca5c

  • SSDEEP

    49152:wJDlMUZHf/++xdbhyZyYcKBLewH2Vvpnhl:wJpBT3PYzLOVV

Targets

    • Target

      9972b216c60b49496f23439c5db6cb6d2ec0ad9f91ea70d0ac59504214437244

    • Size

      5.0MB

    • MD5

      6976f29e458b1f7df01ccbbf37d4ac66

    • SHA1

      38298d192f972e48473a642a92244c2d25973e2b

    • SHA256

      9972b216c60b49496f23439c5db6cb6d2ec0ad9f91ea70d0ac59504214437244

    • SHA512

      e1855082733e2b2aab13f3413cd0df588452ca3df2f2de9daf248d52073fa4ae194a6f6fb2d725501143df9700c217e31a5e17be043a3a4ecb7b5562d9297b54

    • SSDEEP

      49152:QnpE/bcBVQej/1INRx+TSqTdX1HkQo6SAA:Qp4oBhz1aRxcSUDk36SA

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3157) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
