Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 10:48

General

  • Target

    5eade1d42ff925b7c5547e176700951a_JaffaCakes118.exe

  • Size

    3.6MB

  • MD5

    5eade1d42ff925b7c5547e176700951a

  • SHA1

    b0a0c1660a17cf08189be3b6799e0338e4a45c20

  • SHA256

    e366013c1956714595a9012e48f3c3024b7258adfb44b9fb3fb62e6f23e0abe1

  • SHA512

    1360c58d08501675f059893bc3c918002b4bc2591edc94983939a3af2324c543d92c4b4f643353cccc5c0eb1c116da58e92a04a59b503e9e89ff8d23ad0844d8

  • SSDEEP

    49152:XnAQqMSPbcBVQej/1INRx+TSqTdXpfQu0+jx1h:XDqPoBhz1aRxcSUDfX0+jx1h

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

  • Contacts a large (3256) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eade1d42ff925b7c5547e176700951a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5eade1d42ff925b7c5547e176700951a_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    PID:2276
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2652
  • C:\Users\Admin\AppData\Local\Temp\5eade1d42ff925b7c5547e176700951a_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\5eade1d42ff925b7c5547e176700951a_JaffaCakes118.exe -m security
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\tasksche.exe

    Filesize

    3.4MB

    MD5

    797d240cbdbf1c9f9128a330adec22a2

    SHA1

    c7358527e4f8c11e9cc253533b8a90fb52c32484

    SHA256

    f8213bcd5c3dcbf4cbc5470b7b1d56f56aa5967a9b7e6ecbae329b0192663977

    SHA512

    e28b4a8e2e7d01556b1811c33ca9a3315606817dcf9aa393e749dc46f865bf7db195b4aa1d42471f0c46778c00de276655bd40c4d2e0e6040f194fb46d9700f7