Overview

overview

10

Static

static

3

aae8ec7c5c...04.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample1.zip

  • Size

    3.5MB

  • Sample

    241124-cc88hatrcj

  • MD5

    dd1aa09ca32d94db91c874bc4794d991

  • SHA1

    b6aedb5bd8d2a620ba63c8765565767eaf41e2f0

  • SHA256

    21afeeee6f2d7773ef69c1543c67fa78eb44b1de8fbca055919f500fb4fbc771

  • SHA512

    c3fbfb5aceec947e689980362bfe42692c0ea99420587d4f44dbc18ddf984d819970af1f74707ed662bb55efd5c7e65810be22af08e050de058d363574cdcfbf

  • SSDEEP

    49152:mFFO/5BZ1tSu8NrKXVUDfEQQM+920CisqIoLlmkAypY+0Huq3MxCshMfTAN3oOw5:mFF65BboueG+DsQQMWXIoZmkAE0X0MXT

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      aae8ec7c5c3a2c9d51efd49c94b8e904

    • Size

      5.0MB

    • MD5

      aae8ec7c5c3a2c9d51efd49c94b8e904

    • SHA1

      7fb29521ba2c607a39eafc74edc85f27fe277210

    • SHA256

      1ec4a548cc9c659e3517a575d005ab9d5128615185d34f582226971d26604517

    • SHA512

      645c428042abd0f7d835b188daf2d07bc77c4fe6c14171f1a66938f0c1ec8e97eb344d36178c659ff41e4a9590b7c2687d7c20d92d367bb6d0229ca8410cfe80

    • SSDEEP

      98304:EDqPoBhz1aRxcSUZk36SAEdhvxWa9P593R8yAVp2H:EDqPe1Cxc7k3ZAEUadzR8yc4H

    Score
    10/10
    wannacrydiscoveryevasionransomwareworm

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Wannacry family

      wannacry

    • Contacts a large (3221) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks