Overview

overview

10

Static

static

3

011e16a72a...a2.dll

windows7-x64

10

011e16a72a...a2.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    011e16a72ac0a2cb71d4f3a001bac0047f9578b176452ae3041942575a00a8a2

  • Size

    5.0MB

  • Sample

    240704-ky5ffatbmn

  • MD5

    928765bf46b1e554454c45b6cec1a8fd

  • SHA1

    fec57d7257a6d8fa5984bfcba8da7e05e3aca7ae

  • SHA256

    011e16a72ac0a2cb71d4f3a001bac0047f9578b176452ae3041942575a00a8a2

  • SHA512

    11bf159da7caa07b4305ebd72c5f18dc71bc18ce4d06e1d76436b0cfa908cc29c4b827be8b58719c12700a5e00dc9153e9d6b48f796045e254339abbf21d0ce1

  • SSDEEP

    12288:T1bLgmluCti62lIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+D:RbLguripdmMSirYbcMNgef0

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      011e16a72ac0a2cb71d4f3a001bac0047f9578b176452ae3041942575a00a8a2

    • Size

      5.0MB

    • MD5

      928765bf46b1e554454c45b6cec1a8fd

    • SHA1

      fec57d7257a6d8fa5984bfcba8da7e05e3aca7ae

    • SHA256

      011e16a72ac0a2cb71d4f3a001bac0047f9578b176452ae3041942575a00a8a2

    • SHA512

      11bf159da7caa07b4305ebd72c5f18dc71bc18ce4d06e1d76436b0cfa908cc29c4b827be8b58719c12700a5e00dc9153e9d6b48f796045e254339abbf21d0ce1

    • SSDEEP

      12288:T1bLgmluCti62lIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+D:RbLguripdmMSirYbcMNgef0

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3291) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks