Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-05-2024 09:58

General

  • Target

    5e781fefc86fa5f2fd4b3ae7c91580fe_JaffaCakes118.exe

  • Size

    3.6MB

  • MD5

    5e781fefc86fa5f2fd4b3ae7c91580fe

  • SHA1

    48a157453a05a5111aca1080d5c81f0f02f3ad24

  • SHA256

    d33e350be030e5d3c3d8b060feffe359126dcc94a30d40b44ef2111f553f394b

  • SHA512

    e5af4a0be12c466a62ddf379130e6dd062f6cfc3a0ae0119e84abab57674cbafc86a4988f93643edad5bf8d0036f0bb3fb7c62320b7bcd35f6fdf51d4e93d718

  • SSDEEP

    49152:XnAQqMSPbcBVQej/1rRdhnvxJM0H9PAMEcaEau3R8yAH1plAHI:XDqPoBhz1FdhvxWa9P593R8yAVp2HI

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3296) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e781fefc86fa5f2fd4b3ae7c91580fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5e781fefc86fa5f2fd4b3ae7c91580fe_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    PID:1872
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:3404
  • C:\Users\Admin\AppData\Local\Temp\5e781fefc86fa5f2fd4b3ae7c91580fe_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\5e781fefc86fa5f2fd4b3ae7c91580fe_JaffaCakes118.exe -m security
    1⤵
    • Modifies data under HKEY_USERS
    PID:3064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    64d1f7a14710ab97ea85b4e525dac6b0

    SHA1

    88d9102d09edb618769f5a2cccc655078a05ff8a

    SHA256

    ef24f43e20a1c94cfc6d952f8e85378ac58e68f9128cc668d3ea73dd449c1da4

    SHA512

    bcf0451f198bfe38328869b589b10800052916566cf2175c3d70deb3d26af27f50822e7f7554d02debcd6bb599768f40d17c87d4959b9ccfa16c33f1808a6d19