General

  • Target

    91647c8fdf3bc3b25797cb367d578dd3044f76993ba8457d89876f55b5cc841a.exe

  • Size

    5.0MB

  • Sample

    241222-qvrytsznbz

  • MD5

    4bc70640a4fe437921ec5e143e7de636

  • SHA1

    069c081ae40813a2168db3853eac5aba22d54066

  • SHA256

    91647c8fdf3bc3b25797cb367d578dd3044f76993ba8457d89876f55b5cc841a

  • SHA512

    2fee817321bef778f2dd7214c386b9e66c2f151e86485e14fd522d8f00eeb5abe7111b49e84587d9184ab0d1a45d81a30071522eff77f8fe94f535986044994c

  • SSDEEP

    49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAV:yDqPoBhz1aRxcSUDk36SAA

Malware Config

Targets

    • Target

      91647c8fdf3bc3b25797cb367d578dd3044f76993ba8457d89876f55b5cc841a.exe

    • Size

      5.0MB

    • MD5

      4bc70640a4fe437921ec5e143e7de636

    • SHA1

      069c081ae40813a2168db3853eac5aba22d54066

    • SHA256

      91647c8fdf3bc3b25797cb367d578dd3044f76993ba8457d89876f55b5cc841a

    • SHA512

      2fee817321bef778f2dd7214c386b9e66c2f151e86485e14fd522d8f00eeb5abe7111b49e84587d9184ab0d1a45d81a30071522eff77f8fe94f535986044994c

    • SSDEEP

      49152:2nAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAV:yDqPoBhz1aRxcSUDk36SAA

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3230) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks