General

  • Target

    7bba25492c40d9def36387b8c9923af1b13b2e96ce605a97672fae9628a76e32

  • Size

    1.7MB

  • Sample

    240922-kgtbvazhmp

  • MD5

    9acd28e544e0a8edcd67f015d1f006b6

  • SHA1

    ac026c4a25767ab420080ff1c1481d385dc73080

  • SHA256

    7bba25492c40d9def36387b8c9923af1b13b2e96ce605a97672fae9628a76e32

  • SHA512

    ca7870277c0a08c7f5af5ed34499e817b83d72c1a57fd3da286e757eaa1ff0bf2a795e4b05a801a1a47087e38d625441b95e117a9887f6bf3e6f3d66bf0c3c41

  • SSDEEP

    49152:ehc+paDYhFaK7+YDR8j+XSqTzJ1J8Qa6yyQnt13Z3:D+0VKLF8jmSUp8D6yyyt1p3

Targets

    • Target

      33

    • Size

      2.2MB

    • MD5

      3f2329d0f8ce9e26372d4d9544e22e99

    • SHA1

      d0e659b2445765d8935bffb6112fe105931532cb

    • SHA256

      dcbc8fbed1dbefd3f57336f67ea5cc9c1f133b74069f2719d045bf3d2c4ed8eb

    • SHA512

      3145ca9bea2860a4509520f5a355783bc2e1bfe3791b4d6b76791eaffd865b00b05712c7a0704c6047010e4c495e185dc6d6a022799a1cdfff76426fb7b6a7c3

    • SSDEEP

      49152:VnFQqMSPbcBVQej/vx+TSqTdX1HkQo6SAARdhnvn:ZeqPoBhzvxcSUDk36SAEdhvn

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3080) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
