wannacry | 92e19d8feec6650171bd8d60954fc3af2d253002b64547ad22e4761ad74fdb90

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2025, 14:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c3591eb1df1f5f60cc846685303fb58.dll
Size

5.0MB
MD5

3c3591eb1df1f5f60cc846685303fb58
SHA1

d0c3fd09e35ca27aa28099dd5c28f2f0b3f28e2b
SHA256

92e19d8feec6650171bd8d60954fc3af2d253002b64547ad22e4761ad74fdb90
SHA512

f23a38cd00a83bb35a707fd821fd7dd3b706c77fe36b1e03819c0a1cf61424b54163aae0741b7ae6cd14f8a0399c34738500eca897390baa04c102525099eaea
SSDEEP

49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:d8qPoBhz1aRxcSUDk36SAEdhvxWa9

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Contacts a large (3345) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 3 IoCs

pid	Process
768	mssecsvc.exe
2556	mssecsvc.exe
3044	tasksche.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 1052	4648	rundll32.exe	82
PID 4648 wrote to memory of 1052	4648	rundll32.exe	82
PID 4648 wrote to memory of 1052	4648	rundll32.exe	82
PID 1052 wrote to memory of 768	1052	rundll32.exe	83
PID 1052 wrote to memory of 768	1052	rundll32.exe	83
PID 1052 wrote to memory of 768	1052	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c3591eb1df1f5f60cc846685303fb58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c3591eb1df1f5f60cc846685303fb58.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:768
  - - C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      4⤵
      Executes dropped EXE
      PID:3044

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2556

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

180.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.129.81.91.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

200.163.202.172.in-addr.arpa

Request

200.163.202.172.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

86.49.80.91.in-addr.arpa

Request

86.49.80.91.in-addr.arpa

IN PTR

Response
DNS

8.153.16.2.in-addr.arpa

Request

8.153.16.2.in-addr.arpa

IN PTR

Response

8.153.16.2.in-addr.arpa

IN PTR

a2-16-153-8deploystaticakamaitechnologiescom
DNS

19.229.111.52.in-addr.arpa

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

146.230.160.34.in-addr.arpa

Request

146.230.160.34.in-addr.arpa

IN PTR

Response

146.230.160.34.in-addr.arpa

IN PTR

14623016034bcgoogleusercontentcom
DNS

1.230.160.34.in-addr.arpa

Request

1.230.160.34.in-addr.arpa

IN PTR

Response

1.230.160.34.in-addr.arpa

IN PTR

123016034bcgoogleusercontentcom
DNS

3.230.160.34.in-addr.arpa

Request

3.230.160.34.in-addr.arpa

IN PTR

Response

3.230.160.34.in-addr.arpa

IN PTR

323016034bcgoogleusercontentcom
DNS

4.230.160.34.in-addr.arpa

Request

4.230.160.34.in-addr.arpa

IN PTR

Response

4.230.160.34.in-addr.arpa

IN PTR

423016034bcgoogleusercontentcom
DNS

199.147.36.34.in-addr.arpa

Request

199.147.36.34.in-addr.arpa

IN PTR

Response

199.147.36.34.in-addr.arpa

IN PTR

1991473634bcgoogleusercontentcom
DNS

6.230.160.34.in-addr.arpa

Request

6.230.160.34.in-addr.arpa

IN PTR

Response

6.230.160.34.in-addr.arpa

IN PTR

623016034bcgoogleusercontentcom
DNS

4.147.36.34.in-addr.arpa

Request

4.147.36.34.in-addr.arpa

IN PTR

Response

4.147.36.34.in-addr.arpa

IN PTR

41473634bcgoogleusercontentcom
DNS

1.121.84.89.in-addr.arpa

Request

1.121.84.89.in-addr.arpa

IN PTR

Response

1.121.84.89.in-addr.arpa

IN PTR

ram31-h03-89-84-121-1dslstaabobboxfr
DNS

8.230.160.34.in-addr.arpa

Request

8.230.160.34.in-addr.arpa

IN PTR

Response

8.230.160.34.in-addr.arpa

IN PTR

823016034bcgoogleusercontentcom
DNS

201.121.84.89.in-addr.arpa

Request

201.121.84.89.in-addr.arpa

IN PTR

Response

201.121.84.89.in-addr.arpa

IN PTR

ram31-h03-89-84-121-201dslstaabobboxfr
DNS

10.230.160.34.in-addr.arpa

Request

10.230.160.34.in-addr.arpa

IN PTR

Response

10.230.160.34.in-addr.arpa

IN PTR

1023016034bcgoogleusercontentcom
DNS

8.147.36.34.in-addr.arpa

Request

8.147.36.34.in-addr.arpa

IN PTR

Response

8.147.36.34.in-addr.arpa

IN PTR

81473634bcgoogleusercontentcom
DNS

12.230.160.34.in-addr.arpa

Request

12.230.160.34.in-addr.arpa

IN PTR

Response

12.230.160.34.in-addr.arpa

IN PTR

1223016034bcgoogleusercontentcom
DNS

2.121.84.89.in-addr.arpa

Request

2.121.84.89.in-addr.arpa

IN PTR

Response

2.121.84.89.in-addr.arpa

IN PTR

ram31-h03-89-84-121-2dslstaabobboxfr
DNS

13.147.36.34.in-addr.arpa

Request

13.147.36.34.in-addr.arpa

IN PTR

Response

13.147.36.34.in-addr.arpa

IN PTR

131473634bcgoogleusercontentcom
DNS

15.230.160.34.in-addr.arpa

Request

15.230.160.34.in-addr.arpa

IN PTR

Response

15.230.160.34.in-addr.arpa

IN PTR

1523016034bcgoogleusercontentcom

47.135.130.179:445

mssecsvc.exe

104 B
2
10.127.0.1:445

mssecsvc.exe

52 B
1
10.127.1.1:445

mssecsvc.exe
10.127.2.1:445

mssecsvc.exe
10.127.3.1:445

mssecsvc.exe
10.127.4.1:445

mssecsvc.exe
10.127.5.1:445

mssecsvc.exe
10.127.6.1:445

mssecsvc.exe
10.127.7.1:445

mssecsvc.exe
10.127.8.1:445

mssecsvc.exe
10.127.9.1:445

mssecsvc.exe
10.127.10.1:445

mssecsvc.exe
47.85.45.227:445

mssecsvc.exe

104 B
2
10.127.11.1:445

mssecsvc.exe
10.127.12.1:445

mssecsvc.exe
10.127.13.1:445

mssecsvc.exe
10.127.14.1:445

mssecsvc.exe
10.127.15.1:445

mssecsvc.exe
10.127.16.1:445

mssecsvc.exe
10.127.17.1:445

mssecsvc.exe
10.127.18.1:445

mssecsvc.exe
59.167.169.120:445

mssecsvc.exe

104 B
2
96.120.63.87:445

mssecsvc.exe

104 B
2
10.127.19.1:445

mssecsvc.exe
10.127.20.1:445

mssecsvc.exe
10.127.21.1:445

mssecsvc.exe
10.127.22.1:445

mssecsvc.exe
10.127.23.1:445

mssecsvc.exe
10.127.24.1:445

mssecsvc.exe
10.127.25.1:445

mssecsvc.exe
10.127.26.1:445

mssecsvc.exe
10.127.27.1:445

mssecsvc.exe
10.127.28.1:445

mssecsvc.exe
10.127.29.1:445

mssecsvc.exe
10.127.30.1:445

mssecsvc.exe
10.127.31.1:445

mssecsvc.exe
10.127.32.1:445

mssecsvc.exe
55.38.216.191:445

mssecsvc.exe

104 B
2
10.127.33.1:445

mssecsvc.exe
207.228.2.71:445

mssecsvc.exe

104 B
80 B
2
2
10.127.34.1:445

mssecsvc.exe
37.231.51.239:445

mssecsvc.exe

52 B
1
121.215.50.63:445

mssecsvc.exe

52 B
1
136.83.90.246:445

mssecsvc.exe

104 B
2
10.127.35.1:445

mssecsvc.exe
10.127.36.1:445

mssecsvc.exe
10.127.37.1:445

mssecsvc.exe
10.127.38.1:445

mssecsvc.exe
10.127.39.1:445

mssecsvc.exe
10.127.40.1:445

mssecsvc.exe
10.127.41.1:445

mssecsvc.exe
10.127.42.1:445

mssecsvc.exe
10.127.43.1:445

mssecsvc.exe
10.127.44.1:445

mssecsvc.exe
10.127.45.1:445

mssecsvc.exe
10.127.46.1:445

mssecsvc.exe
10.127.47.1:445

mssecsvc.exe
10.127.48.1:445

mssecsvc.exe
10.127.49.1:445

mssecsvc.exe
10.127.50.1:445

mssecsvc.exe
10.127.51.1:445

mssecsvc.exe
10.127.52.1:445

mssecsvc.exe
10.127.53.1:445

mssecsvc.exe
10.127.54.1:445

mssecsvc.exe
124.95.179.68:445

mssecsvc.exe

104 B
2
10.127.55.1:445

mssecsvc.exe
80.79.88.195:445

mssecsvc.exe

104 B
2
3.41.249.196:445

mssecsvc.exe

104 B
2
210.47.237.131:445

mssecsvc.exe

52 B
1
155.119.83.17:445

mssecsvc.exe

52 B
1
39.243.118.226:445

mssecsvc.exe

52 B
1
67.159.48.0:445

mssecsvc.exe

104 B
2
10.127.56.1:445

mssecsvc.exe
10.127.57.1:445

mssecsvc.exe
10.127.58.1:445

mssecsvc.exe
10.127.59.1:445

mssecsvc.exe
10.127.60.1:445

mssecsvc.exe
10.127.61.1:445

mssecsvc.exe
10.127.62.1:445

mssecsvc.exe
10.127.63.1:445

mssecsvc.exe
10.127.64.1:445

mssecsvc.exe
10.127.65.1:445

mssecsvc.exe
10.127.66.1:445

mssecsvc.exe
10.127.67.1:445

mssecsvc.exe
10.127.68.1:445

mssecsvc.exe
10.127.69.1:445

mssecsvc.exe
10.127.70.1:445

mssecsvc.exe
10.127.71.1:445

mssecsvc.exe
10.127.72.1:445

mssecsvc.exe
10.127.73.1:445

mssecsvc.exe
10.127.74.1:445

mssecsvc.exe
43.187.175.101:445

mssecsvc.exe

52 B
1
10.127.75.1:445

mssecsvc.exe
10.127.76.1:445

mssecsvc.exe
66.144.129.129:445

mssecsvc.exe

104 B
2
10.127.77.1:445

mssecsvc.exe
24.118.223.136:445

mssecsvc.exe

52 B
1
200.43.120.254:445

mssecsvc.exe

52 B
1
160.146.250.62:445

mssecsvc.exe

104 B
2
63.25.109.26:445

mssecsvc.exe

104 B
2
152.153.151.52:445

mssecsvc.exe

104 B
2
103.164.192.241:445

mssecsvc.exe

104 B
80 B
2
2
105.129.52.56:445

mssecsvc.exe

104 B
2
10.127.78.1:445

mssecsvc.exe
10.127.79.1:445

mssecsvc.exe
10.127.80.1:445

mssecsvc.exe
10.127.81.1:445

mssecsvc.exe
10.127.82.1:445

mssecsvc.exe
10.127.83.1:445

mssecsvc.exe
10.127.84.1:445

mssecsvc.exe
10.127.85.1:445

mssecsvc.exe
10.127.86.1:445

mssecsvc.exe
10.127.87.1:445

mssecsvc.exe
10.127.88.1:445

mssecsvc.exe
10.127.89.1:445

mssecsvc.exe
10.127.90.1:445

mssecsvc.exe
10.127.91.1:445

mssecsvc.exe
10.127.92.1:445

mssecsvc.exe
10.127.93.1:445

mssecsvc.exe
10.127.94.1:445

mssecsvc.exe
10.127.95.1:445

mssecsvc.exe
10.127.96.1:445

mssecsvc.exe
7.239.41.54:445

mssecsvc.exe

104 B
2
46.246.248.213:445

mssecsvc.exe

104 B
2
10.127.97.1:445

mssecsvc.exe
114.63.52.1:445

mssecsvc.exe

52 B
1
50.219.182.234:445

mssecsvc.exe

104 B
80 B
2
2
10.127.98.1:445

mssecsvc.exe
10.127.99.1:445

mssecsvc.exe
153.30.101.83:445

mssecsvc.exe

104 B
2
193.244.96.196:445

mssecsvc.exe

104 B
2
111.73.246.252:445

mssecsvc.exe

52 B
1
218.88.122.190:445

mssecsvc.exe

104 B
2
10.127.100.1:445

mssecsvc.exe
98.234.16.132:445

mssecsvc.exe

104 B
2
23.69.62.117:445

mssecsvc.exe

104 B
2
10.127.101.1:445

mssecsvc.exe
10.127.102.1:445

mssecsvc.exe
10.127.103.1:445

mssecsvc.exe
10.127.104.1:445

mssecsvc.exe
10.127.105.1:445

mssecsvc.exe
10.127.106.1:445

mssecsvc.exe
10.127.107.1:445

mssecsvc.exe
10.127.108.1:445

mssecsvc.exe
10.127.109.1:445

mssecsvc.exe
10.127.110.1:445

mssecsvc.exe
10.127.111.1:445

mssecsvc.exe
10.127.112.1:445

mssecsvc.exe
10.127.113.1:445

mssecsvc.exe
174.229.31.104:445

mssecsvc.exe

104 B
2
10.127.114.1:445

mssecsvc.exe
201.110.139.62:445

mssecsvc.exe

104 B
2
10.127.115.1:445

mssecsvc.exe
10.127.116.1:445

mssecsvc.exe
10.127.117.1:445

mssecsvc.exe
10.127.118.1:445

mssecsvc.exe
206.23.108.214:445

mssecsvc.exe

52 B
1
45.0.97.15:445

mssecsvc.exe

104 B
2
222.176.52.214:445

mssecsvc.exe

52 B
1
110.185.108.58:445

mssecsvc.exe

104 B
2
75.204.14.179:445

mssecsvc.exe

52 B
1
111.151.120.54:445

mssecsvc.exe

104 B
2
60.48.163.149:445

mssecsvc.exe

52 B
1
179.146.20.252:445

mssecsvc.exe

104 B
2
62.172.84.77:445

mssecsvc.exe

104 B
2
168.153.228.26:445

mssecsvc.exe

104 B
2
10.127.119.1:445

mssecsvc.exe
10.127.120.1:445

mssecsvc.exe
10.127.121.1:445

mssecsvc.exe
10.127.122.1:445

mssecsvc.exe
10.127.123.1:445

mssecsvc.exe
10.127.124.1:445

mssecsvc.exe
10.127.125.1:445

mssecsvc.exe
10.127.126.1:445

mssecsvc.exe
10.127.127.1:445

mssecsvc.exe
10.127.128.1:445

mssecsvc.exe
10.127.129.1:445

mssecsvc.exe
10.127.130.1:445

mssecsvc.exe
10.127.131.1:445

mssecsvc.exe
10.127.132.1:445

mssecsvc.exe
10.127.133.1:445

mssecsvc.exe
10.127.134.1:445

mssecsvc.exe
165.235.180.245:445

mssecsvc.exe

104 B
2
221.116.103.139:445

mssecsvc.exe

104 B
2
10.127.135.1:445

mssecsvc.exe
10.127.136.1:445

mssecsvc.exe
10.127.137.1:445

mssecsvc.exe
195.45.20.208:445

mssecsvc.exe

104 B
2
139.92.167.149:445

mssecsvc.exe

104 B
2
10.127.138.1:445

mssecsvc.exe
90.54.251.222:445

mssecsvc.exe

104 B
2
141.213.46.58:445

mssecsvc.exe

52 B
1
67.142.122.194:445

mssecsvc.exe

104 B
2
166.47.71.51:445

mssecsvc.exe

104 B
2
200.109.147.132:445

mssecsvc.exe

104 B
2
81.38.66.103:445

mssecsvc.exe

104 B
2
86.34.214.23:445

mssecsvc.exe

104 B
2
7.79.104.71:445

mssecsvc.exe

52 B
1
162.63.217.188:445

mssecsvc.exe

104 B
2
10.127.139.1:445

mssecsvc.exe
9.0.131.7:445

mssecsvc.exe

104 B
2
10.127.140.1:445

mssecsvc.exe
10.127.141.1:445

mssecsvc.exe
10.127.142.1:445

mssecsvc.exe
10.127.143.1:445

mssecsvc.exe
10.127.144.1:445

mssecsvc.exe
10.127.145.1:445

mssecsvc.exe
10.127.146.1:445

mssecsvc.exe
10.127.147.1:445

mssecsvc.exe
10.127.148.1:445

mssecsvc.exe
10.127.149.1:445

mssecsvc.exe
10.127.150.1:445

mssecsvc.exe
10.127.151.1:445

mssecsvc.exe
10.127.152.1:445

mssecsvc.exe
10.127.153.1:445

mssecsvc.exe
10.127.154.1:445

mssecsvc.exe
10.127.155.1:445

mssecsvc.exe
10.127.156.1:445

mssecsvc.exe
118.123.101.254:445

mssecsvc.exe

52 B
1
114.53.63.175:445

mssecsvc.exe

52 B
1
164.98.183.132:445

mssecsvc.exe

52 B
1
15.30.135.214:445

mssecsvc.exe

52 B
1
191.55.154.89:445

mssecsvc.exe

52 B
1
217.18.58.241:445

mssecsvc.exe

104 B
2
163.3.192.65:445

mssecsvc.exe

104 B
2
117.131.100.192:445

mssecsvc.exe

52 B
1
217.115.217.103:445

mssecsvc.exe

52 B
1
89.151.247.72:445

mssecsvc.exe

104 B
2
43.174.102.32:445

mssecsvc.exe

52 B
1
210.210.121.127:445

mssecsvc.exe

104 B
2
69.233.92.166:445

mssecsvc.exe

104 B
2
223.29.43.47:445

mssecsvc.exe

104 B
2
92.173.186.179:445

mssecsvc.exe

52 B
1
99.223.11.234:445

mssecsvc.exe

104 B
2
10.127.157.1:445

mssecsvc.exe
10.127.158.1:445

mssecsvc.exe
10.127.159.1:445

mssecsvc.exe
10.127.160.1:445

mssecsvc.exe
10.127.161.1:445

mssecsvc.exe
10.127.162.1:445

mssecsvc.exe
10.127.163.1:445

mssecsvc.exe
10.127.164.1:445

mssecsvc.exe
10.127.165.1:445

mssecsvc.exe
10.127.166.1:445

mssecsvc.exe
10.127.167.1:445

mssecsvc.exe
10.127.168.1:445

mssecsvc.exe
10.127.169.1:445

mssecsvc.exe
10.127.170.1:445

mssecsvc.exe
10.127.171.1:445

mssecsvc.exe
10.127.172.1:445

mssecsvc.exe
10.127.173.1:445

mssecsvc.exe
10.127.174.1:445

mssecsvc.exe
10.127.175.1:445

mssecsvc.exe
10.127.176.1:445

mssecsvc.exe
162.21.37.150:445

mssecsvc.exe

104 B
2
216.35.243.175:445

mssecsvc.exe

52 B
1
10.127.177.1:445

mssecsvc.exe
10.127.178.1:445

mssecsvc.exe
28.71.176.101:445

mssecsvc.exe

104 B
2
108.20.204.10:445

mssecsvc.exe

52 B
1
13.221.111.91:445

mssecsvc.exe

52 B
1
142.192.12.179:445

mssecsvc.exe

52 B
1
130.145.182.104:445

mssecsvc.exe

104 B
2
179.219.127.158:445

mssecsvc.exe

52 B
1
50.26.99.43:445

mssecsvc.exe

104 B
2
184.78.7.40:445

mssecsvc.exe

104 B
2
153.250.42.57:445

mssecsvc.exe

104 B
2
45.191.125.159:445

mssecsvc.exe

104 B
2
57.135.130.53:445

mssecsvc.exe

104 B
2
102.146.131.61:445

mssecsvc.exe

104 B
2
94.58.126.169:445

mssecsvc.exe

104 B
2
36.164.116.46:445

mssecsvc.exe

104 B
2
55.248.125.3:445

mssecsvc.exe

104 B
2
199.161.238.155:445

mssecsvc.exe

104 B
2
10.127.179.1:445

mssecsvc.exe
10.127.180.1:445

mssecsvc.exe
10.127.181.1:445

mssecsvc.exe
10.127.182.1:445

mssecsvc.exe
10.127.183.1:445

mssecsvc.exe
10.127.184.1:445

mssecsvc.exe
10.127.185.1:445

mssecsvc.exe
10.127.186.1:445

mssecsvc.exe
10.127.187.1:445

mssecsvc.exe
10.127.188.1:445

mssecsvc.exe
10.127.189.1:445

mssecsvc.exe
10.127.190.1:445

mssecsvc.exe
10.127.191.1:445

mssecsvc.exe
10.127.192.1:445

mssecsvc.exe
10.127.193.1:445

mssecsvc.exe
10.127.194.1:445

mssecsvc.exe
10.127.195.1:445

mssecsvc.exe
10.127.196.1:445

mssecsvc.exe
119.176.232.239:445

mssecsvc.exe

104 B
2
100.98.233.139:445

mssecsvc.exe

52 B
1
10.127.197.1:445

mssecsvc.exe
10.127.198.1:445

mssecsvc.exe
223.103.115.28:445

mssecsvc.exe

52 B
1
19.48.97.120:445

mssecsvc.exe

52 B
1
205.127.165.98:445

mssecsvc.exe

104 B
2
210.174.77.7:445

mssecsvc.exe

104 B
2
85.161.198.60:445

mssecsvc.exe

52 B
1
77.217.65.53:445

mssecsvc.exe

104 B
2
192.190.47.56:445

mssecsvc.exe

104 B
2
90.80.55.140:445

mssecsvc.exe

104 B
2
140.251.120.82:445

mssecsvc.exe

104 B
2
143.61.204.30:445

mssecsvc.exe

104 B
2
213.223.29.152:445

mssecsvc.exe

104 B
2
172.249.254.198:445

mssecsvc.exe

104 B
2
165.229.16.129:445

mssecsvc.exe

52 B
1
158.45.22.142:445

mssecsvc.exe

52 B
1
31.122.21.35:445

mssecsvc.exe

52 B
1
56.107.55.165:445

mssecsvc.exe

52 B
1
34.75.236.218:445

mssecsvc.exe

104 B
2
10.127.199.1:445

mssecsvc.exe
10.127.200.1:445

mssecsvc.exe
10.127.201.1:445

mssecsvc.exe
10.127.202.1:445

mssecsvc.exe
10.127.203.1:445

mssecsvc.exe
10.127.204.1:445

mssecsvc.exe
10.127.205.1:445

mssecsvc.exe
10.127.206.1:445

mssecsvc.exe
10.127.207.1:445

mssecsvc.exe
10.127.208.1:445

mssecsvc.exe
10.127.209.1:445

mssecsvc.exe
10.127.210.1:445

mssecsvc.exe
10.127.211.1:445

mssecsvc.exe
10.127.212.1:445

mssecsvc.exe
10.127.213.1:445

mssecsvc.exe
10.127.214.1:445

mssecsvc.exe
10.127.215.1:445

mssecsvc.exe
34.10.89.188:445

mssecsvc.exe

52 B
1
119.91.203.182:445

mssecsvc.exe

104 B
2
10.127.216.1:445

mssecsvc.exe
176.78.47.157:445

mssecsvc.exe

52 B
1
10.127.217.1:445

mssecsvc.exe
10.127.218.1:445

mssecsvc.exe
204.0.249.95:445

mssecsvc.exe

104 B
2
138.185.36.90:445

mssecsvc.exe

104 B
2
124.85.37.249:445

mssecsvc.exe

52 B
1
137.230.99.87:445

mssecsvc.exe

52 B
1
31.87.250.1:445

mssecsvc.exe

104 B
2
110.252.5.148:445

mssecsvc.exe

104 B
2
76.71.210.196:445

mssecsvc.exe

104 B
2
156.14.143.65:445

mssecsvc.exe

104 B
2
158.244.181.111:445

mssecsvc.exe

104 B
2
35.135.225.189:445

mssecsvc.exe

104 B
2
142.9.214.81:445

mssecsvc.exe

104 B
2
210.203.70.117:445

mssecsvc.exe

104 B
2
160.180.151.126:445

mssecsvc.exe

104 B
2
20.250.54.235:445

mssecsvc.exe

104 B
2
99.177.249.85:445

mssecsvc.exe

104 B
2
197.160.181.221:445

mssecsvc.exe

104 B
2
22.204.242.49:445

mssecsvc.exe

52 B
1
84.188.196.181:445

mssecsvc.exe

104 B
2
29.24.172.199:445

mssecsvc.exe

104 B
2
10.127.219.1:445

mssecsvc.exe
10.127.220.1:445

mssecsvc.exe
10.127.221.1:445

mssecsvc.exe
10.127.222.1:445

mssecsvc.exe
10.127.223.1:445

mssecsvc.exe
10.127.224.1:445

mssecsvc.exe
10.127.225.1:445

mssecsvc.exe
10.127.226.1:445

mssecsvc.exe
10.127.227.1:445

mssecsvc.exe
10.127.228.1:445

mssecsvc.exe
10.127.229.1:445

mssecsvc.exe
10.127.230.1:445

mssecsvc.exe
10.127.231.1:445

mssecsvc.exe
10.127.232.1:445

mssecsvc.exe
10.127.233.1:445

mssecsvc.exe
10.127.234.1:445

mssecsvc.exe
10.127.235.1:445

mssecsvc.exe
10.127.236.1:445

mssecsvc.exe
93.220.92.91:445

mssecsvc.exe

104 B
2
201.193.196.56:445

mssecsvc.exe

104 B
2
10.127.237.1:445

mssecsvc.exe
10.127.238.1:445

mssecsvc.exe
103.204.19.244:445

mssecsvc.exe

104 B
2
154.35.144.62:445

mssecsvc.exe

104 B
2
106.24.18.195:445

mssecsvc.exe

104 B
2
1.156.167.167:445

mssecsvc.exe

104 B
2
205.42.195.54:445

mssecsvc.exe

104 B
2
136.251.73.64:445

mssecsvc.exe

52 B
1
111.235.152.47:445

mssecsvc.exe

104 B
2
25.44.243.210:445

mssecsvc.exe

104 B
2
88.7.170.197:445

mssecsvc.exe

104 B
2
78.9.234.137:445

mssecsvc.exe

52 B
1
153.34.220.188:445

mssecsvc.exe

104 B
2
114.96.127.136:445

mssecsvc.exe

104 B
2
10.19.8.69:445

mssecsvc.exe

52 B
1
141.17.127.71:445

mssecsvc.exe

52 B
1
147.18.193.187:445

mssecsvc.exe

52 B
1
135.20.191.225:445

mssecsvc.exe

52 B
1
4.98.21.194:445

mssecsvc.exe

52 B
1
199.198.38.13:445

mssecsvc.exe

104 B
2
46.146.236.62:445

mssecsvc.exe

104 B
2
11.177.222.246:445

mssecsvc.exe

104 B
2
10.127.239.1:445

mssecsvc.exe
92.217.43.47:445

mssecsvc.exe

104 B
2
109.179.96.54:445

mssecsvc.exe

104 B
2
119.15.119.124:445

mssecsvc.exe

104 B
2
10.127.240.1:445

mssecsvc.exe
10.127.241.1:445

mssecsvc.exe
10.127.242.1:445

mssecsvc.exe
10.127.243.1:445

mssecsvc.exe
10.127.244.1:445

mssecsvc.exe
10.127.245.1:445

mssecsvc.exe
10.127.246.1:445

mssecsvc.exe
10.127.247.1:445

mssecsvc.exe
10.127.248.1:445

mssecsvc.exe
10.127.249.1:445

mssecsvc.exe
10.127.250.1:445

mssecsvc.exe
10.127.251.1:445

mssecsvc.exe
10.127.252.1:445

mssecsvc.exe
10.127.253.1:445

mssecsvc.exe
10.127.254.1:445

mssecsvc.exe
10.127.255.1:445

mssecsvc.exe
10.127.0.2:445

mssecsvc.exe
10.127.1.2:445

mssecsvc.exe
10.127.2.2:445

mssecsvc.exe
183.20.194.223:445

mssecsvc.exe

104 B
2
204.238.125.5:445

mssecsvc.exe

104 B
2
41.214.205.142:445

mssecsvc.exe

104 B
2
48.31.115.22:445

mssecsvc.exe

104 B
2
221.179.68.241:445

mssecsvc.exe

104 B
2
118.218.29.128:445

mssecsvc.exe

104 B
2
91.192.15.211:445

mssecsvc.exe

52 B
1
130.172.112.83:445

mssecsvc.exe

52 B
1
165.171.127.224:445

mssecsvc.exe

52 B
1
97.34.91.133:445

mssecsvc.exe

104 B
2
2.216.107.85:445

mssecsvc.exe

104 B
2
10.127.3.2:445

mssecsvc.exe
91.95.204.150:445

mssecsvc.exe

52 B
1
162.126.67.167:445

mssecsvc.exe

104 B
2
61.232.186.75:445

mssecsvc.exe

104 B
2
42.247.235.114:445

mssecsvc.exe

52 B
1
199.130.219.15:445

mssecsvc.exe

104 B
2
180.44.20.229:445

mssecsvc.exe

52 B
1
218.215.240.96:445

mssecsvc.exe

52 B
1
135.31.243.78:445

mssecsvc.exe

52 B
1
4.196.10.166:445

mssecsvc.exe

104 B
2
19.45.51.72:445

mssecsvc.exe

104 B
2
167.207.214.27:445

mssecsvc.exe

104 B
2
112.151.237.210:445

mssecsvc.exe

104 B
2
86.53.78.114:445

mssecsvc.exe

104 B
2
10.127.4.2:445

mssecsvc.exe
10.127.5.2:445

mssecsvc.exe
10.127.6.2:445

mssecsvc.exe
10.127.7.2:445

mssecsvc.exe
10.127.8.2:445

mssecsvc.exe
10.127.9.2:445

mssecsvc.exe
10.127.10.2:445

mssecsvc.exe
10.127.11.2:445

mssecsvc.exe
10.127.12.2:445

mssecsvc.exe
10.127.13.2:445

mssecsvc.exe
10.127.14.2:445

mssecsvc.exe
10.127.15.2:445

mssecsvc.exe
10.127.16.2:445

mssecsvc.exe
10.127.17.2:445

mssecsvc.exe
10.127.18.2:445

mssecsvc.exe
10.127.19.2:445

mssecsvc.exe
10.127.20.2:445

mssecsvc.exe
10.127.21.2:445

mssecsvc.exe
10.127.22.2:445

mssecsvc.exe
192.115.157.108:445

mssecsvc.exe

104 B
2
160.211.163.88:445

mssecsvc.exe

52 B
1
96.66.46.137:445

mssecsvc.exe

52 B
1
216.192.157.33:445

mssecsvc.exe

104 B
2
3.31.211.129:445

mssecsvc.exe

104 B
2
123.189.156.30:445

mssecsvc.exe

104 B
2
1.115.134.193:445

mssecsvc.exe

104 B
2
189.182.234.53:445

mssecsvc.exe

104 B
2
77.225.70.236:445

mssecsvc.exe

52 B
1
212.10.235.8:445

mssecsvc.exe

104 B
2
71.171.14.15:445

mssecsvc.exe

104 B
2
161.178.124.86:445

mssecsvc.exe

52 B
1
60.245.238.199:445

mssecsvc.exe

104 B
2
17.224.199.104:445

mssecsvc.exe

104 B
2
118.121.146.215:445

mssecsvc.exe

104 B
2
25.3.244.208:445

mssecsvc.exe

104 B
2
100.43.68.111:445

mssecsvc.exe

104 B
2
36.113.193.167:445

mssecsvc.exe

104 B
2
143.226.101.153:445

mssecsvc.exe

104 B
2
108.153.243.157:445

mssecsvc.exe

104 B
2
107.13.72.124:445

mssecsvc.exe

104 B
2
191.101.161.84:445

mssecsvc.exe

52 B
1
141.36.243.143:445

mssecsvc.exe

104 B
2
213.7.70.59:445

mssecsvc.exe

104 B
2
44.127.249.188:445

mssecsvc.exe

104 B
2
214.223.159.208:445

mssecsvc.exe

52 B
1
95.193.45.74:445

mssecsvc.exe

52 B
1
10.127.23.2:445

mssecsvc.exe
10.127.24.2:445

mssecsvc.exe

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

180.129.81.91.in-addr.arpa

dns

72 B
147 B
1
1

DNS Request

180.129.81.91.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
d21d12114f36cb9cd7af57659151d441

SHA1
93f5ea70785b7acf9127ee2dc9ab3a87b6d5d39a

SHA256
64ed73629dfaec5db575cfd5e55aaff90c081fe6901384f8ea443e158b75bacc

SHA512
0a5dfa54520606ce55657a5361ed08a1434c642eedb9cbf382bfe62b89be234b22182629a8b11131b50cfc0df9bb444b50902e3d4409cb5a7423caefd7d729ba

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
d7f2c9304928c99e1d6856fdf2e75f5f

SHA1
1b2bd87f52c95fa4e129b1ef25c8538d5d4be7b5

SHA256
26213e7fe08c90f11ed7e38c9be6a50d3fc4eadf884f4f06e51d7f20f71676b7

SHA512
091d342951d2c029e9f4c571eea9c58d27f092ca2b913ec8decaf4c823ad4af5e1a04fdf3b53b1a7dda2352b26e8a610b14e7c0bf03d46712e19e6a067e72d1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.