Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 12:11
General
-
Target
633e28e3ca41fa61f18348c02d59d8e8_JaffaCakes118.exe
-
Size
3.6MB
-
MD5
633e28e3ca41fa61f18348c02d59d8e8
-
SHA1
d0941932099bdf0fe154fd296ca677c47d1bd209
-
SHA256
bfbec5d1fc71359963ded42f54ba402ce9abe56a4c1a377b5f3f3a474796d2a8
-
SHA512
acbcdad7bc9eac7f5f82a3c500e89b8e347bca94fab1fcaa727c02d1f9da715f8aba41797fd855b8c644a27e785fe50ac62cd4630b81ea9460322d6210092b6e
-
SSDEEP
49152:XnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAME:XDqPoBhz1aRxcSUDk36SAEdhvxWa9P5
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3374) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\633e28e3ca41fa61f18348c02d59d8e8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\633e28e3ca41fa61f18348c02d59d8e8_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\633e28e3ca41fa61f18348c02d59d8e8_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\633e28e3ca41fa61f18348c02d59d8e8_JaffaCakes118.exe -m security1⤵
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\tasksche.exeFilesize
3.4MB
MD5121c8f49acc089afc250a81c4c788c1e
SHA1efc0bd2c0aacaa8d143f0f85cffd0f595f0ea5ec
SHA256f6c62138bae3802a72e670a4eed8da129c2021a6a25b8d8b6339a14ebf4593f6
SHA512c1d49584f6fb86288e584d1c000dc39eebebd20fc7f73e51c01d06f8998c1d9b63df57ea600ddd05d35c8e3b7569042a258f5f1f9c9c1adadbfe8d8678d36fe0