Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 06:30
General
-
Target
5da581b5248ef51f23e378474f430028_JaffaCakes118.exe
-
Size
3.6MB
-
MD5
5da581b5248ef51f23e378474f430028
-
SHA1
15b2470540efa1d8e18e6a324b46c6c969703b79
-
SHA256
993e95a63073362991f1532c7cada7a0f35d647dd795dc44a0dd54bcc6c5cb06
-
SHA512
5f58a5451d75829b2ea890ce0ba2fd3869ced4c42fdfa592e0b9a7e627c622a45e200dcee4d2e24e27de3f9c3e0a19ddbf7d8d9d6cd0f7254d3a670c84a44f46
-
SSDEEP
98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAw2F:Z8qPe1Cxcxk3ZAEUadzR8yA
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3171) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exe -m security1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD590938407c8be94d5c44223a758a76a76
SHA135a1d87f9b7806bb48076e9d06ebda7d8f3af3c2
SHA256c14b363c8649574b0d23cea2c64c29cfabfb3bfe60f16728eb18ea622bde8706
SHA51218604214eecabb998d4f40915dca5d38f86abe63a73c40b20fef4d6f6420dae1c056da00330773ad99baafc88a306da88770bb263f4958e3e13e06e6bacc18d4