Overview

overview

10

Static

static

3

78bd8b9c61...8c.dll

windows7-x64

10

78bd8b9c61...8c.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    78bd8b9c610315d7247e2076bbd9458c.dll

  • Size

    5.0MB

  • Sample

    250115-tdb3tsynel

  • MD5

    78bd8b9c610315d7247e2076bbd9458c

  • SHA1

    a8029cfe179dfc15c9a52ecd4ad491403dc1c1ae

  • SHA256

    51d5805abb1d7fb68d037399193a5f1b019d23e455fe4a5b82d245a020b5b05b

  • SHA512

    b6eabd7e04cd4d70edbd2f2e1b44f14fc27943b405334da0784bf2442ffcb4669de6c48fa54581045196803f975d1da86e59726afc86437827a1becc1354cdbc

  • SSDEEP

    98304:NDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:NDqPe1Cxcxk3ZAEUadzR8yc4H

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      78bd8b9c610315d7247e2076bbd9458c.dll

    • Size

      5.0MB

    • MD5

      78bd8b9c610315d7247e2076bbd9458c

    • SHA1

      a8029cfe179dfc15c9a52ecd4ad491403dc1c1ae

    • SHA256

      51d5805abb1d7fb68d037399193a5f1b019d23e455fe4a5b82d245a020b5b05b

    • SHA512

      b6eabd7e04cd4d70edbd2f2e1b44f14fc27943b405334da0784bf2442ffcb4669de6c48fa54581045196803f975d1da86e59726afc86437827a1becc1354cdbc

    • SSDEEP

      98304:NDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:NDqPe1Cxcxk3ZAEUadzR8yc4H

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Wannacry family

      wannacry

    • Contacts a large (3126) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks