Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 16:06
Static task: static1
Behavioral task: behavioral1
- Sample: 67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
- Size: 3.6MB
- MD5: 67d6630b1c9a58743d02026a9dd26a05
- SHA1: 8f9045f02bcfd64c3c261e5b6368a0ffec913789
- SHA256: 1df589371260c5c63e486ad3eaacab4776c9a04871d61f3aef8b14f5708fef1d
- SHA512: f0d4c19c487a78074e9d6b6ec8a03d9ba8b49952968bddad21f3e770db1d9f5fffbd4c75e9547212be14fb5ea5d31d06218afc10665e7b358e1ace87aad41a6c
- SSDEEP: 49152:2nAQqMSPbcBVpPAMEcaEau3R8yAH1plAH:yDqPoBPP593R8yAVp2H
Malware Config
Signatures
- Wannacry
  WannaCry is a ransomware cryptoworm.
- Contacts a large (3290) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Executes dropped EXE (1 IoC)
  Processes:
    pid   process
    3268  tasksche.exe
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Drops file in Windows directory (1 IoC)
  Processes:
    description   ioc                       process
    File created  C:\WINDOWS\tasksche.exe   67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
- Modifies data under HKEY_USERS (5 IoCs)
  Processes:
    description      ioc                                                                                              process
    Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\                     67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
    Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"    67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
    Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"   67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
    Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"  67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
    Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"     67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe (PID 1384)
  Command line: "C:\Users\Admin\AppData\Local\Temp\67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe"
  Signatures: Drops file in Windows directory
  - C:\WINDOWS\tasksche.exe (PID 3268, child of PID 1384)
    Command line: C:\WINDOWS\tasksche.exe /i
    Signatures: Executes dropped EXE
- C:\Users\Admin\AppData\Local\Temp\67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe (PID 3904)
  Command line: C:\Users\Admin\AppData\Local\Temp\67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe -m security
  Signatures: Modifies data under HKEY_USERS
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4268; top-level Edge utility process, not a child of the sample)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4080,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
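The signatures and process tree above give three behavioural indicators (the dropped C:\WINDOWS\tasksche.exe launched with /i, the sample relaunched with -m security, and the ZoneMap writes under HKU\.DEFAULT) plus one statistical one (3290 distinct remote hosts contacted). The script below turns them into triage logic run over constructed events. It is an added example, not part of the sandbox report or its tooling: the event schema (type/pid/image/cmdline/key/data/dst) is assumed for illustration rather than any product's field names, the fan-out threshold is an assumption, and every event is constructed to mirror the report. The ZoneMap check only fires on the exact value/data pairs the report recorded, because those writes are also made by benign software and are a weak signal on their own.

```python
"""Triage helpers for the behavioural IoCs this report lists.

Added example; not part of the sandbox report. The event schema used here
(type/pid/image/cmdline/key/data/dst) is an assumed generic one, and every
event in SAMPLE_EVENTS is constructed to mirror the report's process tree,
registry writes and remote-host fan-out.
"""
import re
from collections import defaultdict

# Behavioural IoCs taken from the report's process tree and registry signature.
DROPPED_IMAGE = "c:\\windows\\tasksche.exe"
RELAUNCH_FLAG = "-m security"
ZONEMAP_PREFIX = ("\\registry\\user\\.default\\software\\microsoft\\windows"
                  "\\currentversion\\internet settings\\zonemap\\")
ZONEMAP_IOCS = {"proxybypass": "1", "intranetname": "1",
                "uncasintranet": "1", "autodetect": "0"}
# The report counted 3290 distinct remote hosts; this threshold is an
# assumption for the example, set well below that figure.
FANOUT_THRESHOLD = 100


def check_process(ev):
    """Match a process-creation event against the report's command lines."""
    image = ev["image"].lower()
    cmd = ev.get("cmdline", "").lower()
    if image == DROPPED_IMAGE and re.search(r"\s/i\b", cmd):
        return "tasksche.exe launched with /i"
    if RELAUNCH_FLAG in cmd:
        return "sample relaunched with -m security"
    return None


def check_registry(ev):
    """Match a registry-set event against the exact ZoneMap values recorded.

    ZoneMap writes under HKU\\.DEFAULT are also produced by benign software,
    so only the value/data pairs the report lists are treated as a hit.
    """
    key = ev["key"].lower()
    if not key.startswith(ZONEMAP_PREFIX):
        return None
    name = key[len(ZONEMAP_PREFIX):]
    if ZONEMAP_IOCS.get(name) == str(ev["data"]):
        return f"ZoneMap {name} set to {ev['data']} under HKU\\.DEFAULT"
    return None


def fanout(flows):
    """Distinct remote hosts per pid (the 'contacts many remote hosts' check)."""
    hosts = defaultdict(set)
    for f in flows:
        hosts[f["pid"]].add(f["dst"])
    return {pid: len(h) for pid, h in hosts.items()}


def triage(events):
    """Return (pid, finding) pairs for every event that matches an IoC."""
    findings, flows = [], []
    for ev in events:
        hit = None
        if ev["type"] == "process":
            hit = check_process(ev)
        elif ev["type"] == "registry":
            hit = check_registry(ev)
        elif ev["type"] == "flow":
            flows.append(ev)
        if hit:
            findings.append((ev["pid"], hit))
    for pid, n in fanout(flows).items():
        if n >= FANOUT_THRESHOLD:
            findings.append((pid, f"contacted {n} distinct remote hosts"))
    return findings


# Constructed events: the report's three sample/tasksche processes, two of its
# ZoneMap writes, one benign-looking ZoneMap write (AutoDetect left at 1),
# 3290 flows from tasksche.exe to distinct 10.0.0.0/8 hosts, and one flow from
# the unrelated Edge utility process (192.0.2.10 is a documentation address).
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "67d6630b1c9a58743d02026a9dd26a05_JaffaCakes118.exe")
ZM = ("\\REGISTRY\\USER\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion"
      "\\Internet Settings\\ZoneMap\\")
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1384, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"type": "process", "pid": 3268, "image": "C:\\WINDOWS\\tasksche.exe",
     "cmdline": "C:\\WINDOWS\\tasksche.exe /i"},
    {"type": "process", "pid": 3904, "image": SAMPLE,
     "cmdline": f"{SAMPLE} -m security"},
    {"type": "registry", "pid": 3904, "key": ZM + "ProxyBypass", "data": 1},
    {"type": "registry", "pid": 3904, "key": ZM + "AutoDetect", "data": 0},
    {"type": "registry", "pid": 500, "key": ZM + "AutoDetect", "data": 1},
    {"type": "flow", "pid": 4268, "dst": "192.0.2.10"},
] + [{"type": "flow", "pid": 3268, "dst": f"10.0.{i // 256}.{i % 256}"}
     for i in range(3290)]

if __name__ == "__main__":
    for pid, finding in triage(SAMPLE_EVENTS):
        print(pid, finding)
```

Run stand-alone it prints the five findings for PIDs 3268 and 3904 and nothing for the benign registry write or the Edge process; on real telemetry, map your source's fields onto the assumed schema before calling triage().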
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Windows\tasksche.exe
  Filesize: 3.4MB
  MD5: 96d947b6ef830868e8bad9343713fcc4
  SHA1: 6612eb3c1ec1999f2c8608105821020f94988258
  SHA256: 47d1e1f91f6d63cd2720ec17b4166c2fe036a5a999c1c6e317cf0144f1372fed
  SHA512: a9107dae7ad760f4a526f6f8ca0c67c7316dda6864ac8690f4996ab0d4ef94974f292c18d093d2d5dfc7f711d541e5d53acca1cb05ac6d9fb31dc0b698310d03