Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
20-05-2024 06:30
Static task
static1
Behavioral task
behavioral1
Sample
5da581b5248ef51f23e378474f430028_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5da581b5248ef51f23e378474f430028_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
5da581b5248ef51f23e378474f430028_JaffaCakes118.exe
-
Size
3.6MB
-
MD5
5da581b5248ef51f23e378474f430028
-
SHA1
15b2470540efa1d8e18e6a324b46c6c969703b79
-
SHA256
993e95a63073362991f1532c7cada7a0f35d647dd795dc44a0dd54bcc6c5cb06
-
SHA512
5f58a5451d75829b2ea890ce0ba2fd3869ced4c42fdfa592e0b9a7e627c622a45e200dcee4d2e24e27de3f9c3e0a19ddbf7d8d9d6cd0f7254d3a670c84a44f46
-
SSDEEP
98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAw2F:Z8qPe1Cxcxk3ZAEUadzR8yA
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3325) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
Processes:
tasksche.exepid process 2384 tasksche.exe -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
Processes:
5da581b5248ef51f23e378474f430028_JaffaCakes118.exedescription ioc process File created C:\WINDOWS\tasksche.exe 5da581b5248ef51f23e378474f430028_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
PID:2476 -
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
PID:2384
-
C:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5da581b5248ef51f23e378474f430028_JaffaCakes118.exe -m security1⤵PID:3376
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.4MB
MD590938407c8be94d5c44223a758a76a76
SHA135a1d87f9b7806bb48076e9d06ebda7d8f3af3c2
SHA256c14b363c8649574b0d23cea2c64c29cfabfb3bfe60f16728eb18ea622bde8706
SHA51218604214eecabb998d4f40915dca5d38f86abe63a73c40b20fef4d6f6420dae1c056da00330773ad99baafc88a306da88770bb263f4958e3e13e06e6bacc18d4