Overview

overview

10

Static

static

3

2bb25bfd55...20.dll

windows7-x64

10

2bb25bfd55...20.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20.dll

  • Size

    5.0MB

  • Sample

    250115-ctwczazkbk

  • MD5

    fdcac773c1bae1197a3b30bc0e44bf4d

  • SHA1

    11c157aa6e5e81f06b4075da79ba6871c8d99362

  • SHA256

    2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20

  • SHA512

    75d6390da0c7a75fbf404d63a67061eec25628f291b34057acf6b3e3acc565600f61aba3e64924759b0e57c8cba7f9c8c9fa3f2dce710e2fe1dc696f3104c6e7

  • SSDEEP

    49152:RnsEMSPbcBVQejy+TSqTdX1HkQo6SAARdhn:1fPoBhOcSUDk36SAEdh

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20.dll

    • Size

      5.0MB

    • MD5

      fdcac773c1bae1197a3b30bc0e44bf4d

    • SHA1

      11c157aa6e5e81f06b4075da79ba6871c8d99362

    • SHA256

      2bb25bfd55561e547c27fce2e29208f5255e3e121ff405ad154ad413fda59b20

    • SHA512

      75d6390da0c7a75fbf404d63a67061eec25628f291b34057acf6b3e3acc565600f61aba3e64924759b0e57c8cba7f9c8c9fa3f2dce710e2fe1dc696f3104c6e7

    • SSDEEP

      49152:RnsEMSPbcBVQejy+TSqTdX1HkQo6SAARdhn:1fPoBhOcSUDk36SAEdh

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Wannacry family

      wannacry

    • Contacts a large (3265) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks