Overview

overview

10

Static

static

3

181a683c5c...18.dll

windows7-x64

10

181a683c5c...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    181a683c5ce41674aace27b613d9d14d_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240505-rtm4xscf6s

  • MD5

    181a683c5ce41674aace27b613d9d14d

  • SHA1

    ba09966ab49ddecdb390fadeb63a0d8c58df96e2

  • SHA256

    daa469ee01ce0c1e71c935b8164be2330755c142883557aa7085ab5cfad45db1

  • SHA512

    29aa9be807dcc8ce4303823c58ae18e8810469f1ea06184ad8385452058c7b9d67bc88a8544595785706c47d7c29d2b7b0cf203cabe6cec3819ef585d83f8014

  • SSDEEP

    49152:SnAQqMSPbcBVzx+TSqTdGvxJM0H9PAMEcaEau3R8yAH1plAH:+DqPoB9xcSUYxWa9P593R8yAVp2H

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      181a683c5ce41674aace27b613d9d14d_JaffaCakes118

    • Size

      5.0MB

    • MD5

      181a683c5ce41674aace27b613d9d14d

    • SHA1

      ba09966ab49ddecdb390fadeb63a0d8c58df96e2

    • SHA256

      daa469ee01ce0c1e71c935b8164be2330755c142883557aa7085ab5cfad45db1

    • SHA512

      29aa9be807dcc8ce4303823c58ae18e8810469f1ea06184ad8385452058c7b9d67bc88a8544595785706c47d7c29d2b7b0cf203cabe6cec3819ef585d83f8014

    • SSDEEP

      49152:SnAQqMSPbcBVzx+TSqTdGvxJM0H9PAMEcaEau3R8yAH1plAH:+DqPoB9xcSUYxWa9P593R8yAVp2H

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3193) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks