General
-
Target
043cad7434093030e138737f84e5ef09_JaffaCakes118
-
Size
3.4MB
-
Sample
240428-dks2xsfa7x
-
MD5
043cad7434093030e138737f84e5ef09
-
SHA1
9dc9e67674863cd75d4b1de8cb93d56450d1485f
-
SHA256
b5fb2b3aaaf5da4955fd2eccb5b519fd60b0f18a59aa5157870aeb529d9bfcd5
-
SHA512
ed3547cdf42d96001acca52d078b54e9c2641f3c5cdcc6b38f9e1412a9d7cc4331ec8876c516089f8e756b4a1bd939ecf748df022f1d836860c81f9f5240c143
-
SSDEEP
98304:N3nmuXG8Ld8aQ++NghKszA2Az+Nvqs/C0Ct:FmuXG8CD++e/A2jNct
Static task
static1
Behavioral task
behavioral1
Sample
6bf1839a7e72a92a2bb18fbedf1873e4892b00ea4b122e48ae80fac5048db1a7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6bf1839a7e72a92a2bb18fbedf1873e4892b00ea4b122e48ae80fac5048db1a7.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
C:\ProgramData\ocrynrxjitp972\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Targets
-
-
Target
6bf1839a7e72a92a2bb18fbedf1873e4892b00ea4b122e48ae80fac5048db1a7.exe
-
Size
3.6MB
-
MD5
05a00c320754934782ec5dec1d5c0476
-
SHA1
df815d6a5fbfc135d588bf8f7e9d71319aef2a8d
-
SHA256
6bf1839a7e72a92a2bb18fbedf1873e4892b00ea4b122e48ae80fac5048db1a7
-
SHA512
0f31fb8615c77cf1342faebcf5d4583dc27fdaa99c0dc644b4fab422470273b14bb0fa703a9756bc4136238e95f56ab826428622dbb3f5efb948b285bcbc5da5
-
SSDEEP
49152:wnAQqMSPbcBVQeBvgyd7+KnT2becwT6DGMIBHuLZyLUcRhRt/IbmwW6LCs:wDqPoBhGywKSbevWSdOLZSPebdWOCs
-
Contacts a large (2686) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Drops startup file
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1