Analysis
-
max time kernel
151s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
23-10-2023 18:33
General
-
Target
NEAS.2d8223b0cc7eb09f4db52e268a0fe380_JC.exe
-
Size
5.0MB
-
MD5
2d8223b0cc7eb09f4db52e268a0fe380
-
SHA1
eb662a17a4590ad8c3f94ed599a2c67a9c4c271e
-
SHA256
f39d991c26fe60fa93645546da9534a85afdb757a6d796f83b4a6c51daf3d92e
-
SHA512
0a4b4c6898f2674440f381113214b20b8663fa22ecb80bf0bedddb1707bde88202f20d708f9af375597993f4f27dc31f2c0ec6311507baab130ecbdce904f54f
-
SSDEEP
12288:GvbLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DHeQYSUjEXFp:2bLgddQhfdmMSirYbcMNgef0QeQjG
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3218) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.2d8223b0cc7eb09f4db52e268a0fe380_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.2d8223b0cc7eb09f4db52e268a0fe380_JC.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\NEAS.2d8223b0cc7eb09f4db52e268a0fe380_JC.exeC:\Users\Admin\AppData\Local\Temp\NEAS.2d8223b0cc7eb09f4db52e268a0fe380_JC.exe -m security1⤵
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD5f9d81cf0f3d228198cdbf24a8f186fb2
SHA122ea321e66a49992cb530211401134881bf74a7e
SHA2561fa060c33dd7a62ea8a832c4f4c2b69cbf27e495121b3baa9eaf821967ef2b6a
SHA512c115ba3151ee6611ccbf43d6fb82bec662c94e4991400ed9f9dc3dd375f0d48862747a4e46380cd2bb28e231443d611031e24add981afeac7c1eb54e40e730fa