Overview

overview

10

Static

static

3

f63eb4858e...02.dll

windows7-x64

10

f63eb4858e...02.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f63eb4858e66889e8b62e6e72fe5d5620995c3fccaa8cd23043c22ddb3c6aa02.dll

  • Size

    5.0MB

  • Sample

    250116-eadpxsznfz

  • MD5

    be3c1ef872e8e146ff78e66271ca261b

  • SHA1

    0e3c7374332d4a507fdbd7b30f5f78d7a4fbafcc

  • SHA256

    f63eb4858e66889e8b62e6e72fe5d5620995c3fccaa8cd23043c22ddb3c6aa02

  • SHA512

    38cb75392e90e52a874f1e0bf128f3156d0e330fd67ca68f0b109219f232235eaf39e7e207c21c31aba01b15594c65bfabea8a40856000dfc4cd41699d4f0486

  • SSDEEP

    98304:18qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8s3:18qPe1Cxcxk3ZAEUadzR8s

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      f63eb4858e66889e8b62e6e72fe5d5620995c3fccaa8cd23043c22ddb3c6aa02.dll

    • Size

      5.0MB

    • MD5

      be3c1ef872e8e146ff78e66271ca261b

    • SHA1

      0e3c7374332d4a507fdbd7b30f5f78d7a4fbafcc

    • SHA256

      f63eb4858e66889e8b62e6e72fe5d5620995c3fccaa8cd23043c22ddb3c6aa02

    • SHA512

      38cb75392e90e52a874f1e0bf128f3156d0e330fd67ca68f0b109219f232235eaf39e7e207c21c31aba01b15594c65bfabea8a40856000dfc4cd41699d4f0486

    • SSDEEP

      98304:18qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8s3:18qPe1Cxcxk3ZAEUadzR8s

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Wannacry family

      wannacry

    • Contacts a large (3210) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks