Overview

overview

10

Static

static

3

2d4a5c543b...18.dll

windows7-x64

10

2d4a5c543b...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d4a5c543b416f5456473650bc66d699_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240510-evg8vaad9x

  • MD5

    2d4a5c543b416f5456473650bc66d699

  • SHA1

    343820a3130c2a38c604c96ed5bb7ae3b2da4318

  • SHA256

    1f99061d149dd020b4c28258638e914750262c42962d58c8a638ee9023e7e4a9

  • SHA512

    979220d5eb7b3727cd672ceff79c3632f658798de89442c10922b7df6a039eaca301034049e520b63f108b9a0adaffb8b1e0695646662f5ea8b8b1cb2538a15c

  • SSDEEP

    98304:kDqPoBhz1aRxcSUDk36SAEdhvxWa9P593Rk:kDqPe1Cxcxk3ZAEUadzRk

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      2d4a5c543b416f5456473650bc66d699_JaffaCakes118

    • Size

      5.0MB

    • MD5

      2d4a5c543b416f5456473650bc66d699

    • SHA1

      343820a3130c2a38c604c96ed5bb7ae3b2da4318

    • SHA256

      1f99061d149dd020b4c28258638e914750262c42962d58c8a638ee9023e7e4a9

    • SHA512

      979220d5eb7b3727cd672ceff79c3632f658798de89442c10922b7df6a039eaca301034049e520b63f108b9a0adaffb8b1e0695646662f5ea8b8b1cb2538a15c

    • SSDEEP

      98304:kDqPoBhz1aRxcSUDk36SAEdhvxWa9P593Rk:kDqPe1Cxcxk3ZAEUadzRk

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3214) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks