Overview

overview

10

Static

static

3

4e6b1d4feb...18.exe

windows7-x64

10

4e6b1d4feb...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e6b1d4febbe112762fce975211e88f9_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240517-e4a6wshe47

  • MD5

    4e6b1d4febbe112762fce975211e88f9

  • SHA1

    4ce440840ca8302ba9578b6888304648ea3b5dd4

  • SHA256

    8a970427056601d3683eb801f335cc65378b89e968807f66d88be78400c955a7

  • SHA512

    9ef46fe2435a5301184f1f5d902ea34d756e191a11f9fd03f82a830507752fae449f7c3058bcce3ca51eec9637da982fd554640173afde4e89e4e4889f871550

  • SSDEEP

    98304:pDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:pDqPe1Cxcxk3ZAEUadzR8yc4H

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      4e6b1d4febbe112762fce975211e88f9_JaffaCakes118

    • Size

      3.6MB

    • MD5

      4e6b1d4febbe112762fce975211e88f9

    • SHA1

      4ce440840ca8302ba9578b6888304648ea3b5dd4

    • SHA256

      8a970427056601d3683eb801f335cc65378b89e968807f66d88be78400c955a7

    • SHA512

      9ef46fe2435a5301184f1f5d902ea34d756e191a11f9fd03f82a830507752fae449f7c3058bcce3ca51eec9637da982fd554640173afde4e89e4e4889f871550

    • SSDEEP

      98304:pDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:pDqPe1Cxcxk3ZAEUadzR8yc4H

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3084) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in Drivers directory

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

2
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks