Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 00:42
General
-
Target
692e0c825e4e95263114d2d7f24e78a0_JaffaCakes118.exe
-
Size
3.6MB
-
MD5
692e0c825e4e95263114d2d7f24e78a0
-
SHA1
94598515ed20e6ba65390df2c0a3c08e4fab7fbd
-
SHA256
98d6ca0c651a17b01c117755e7eb19eeeb2dfa29405f97ee46caffa3b9c4fa1a
-
SHA512
a8b879d11046c6019c1d080cdb37584f46bfdfbb7c7960ccca60318a971c9da0cb2790b8815318a981d6b5efcba492c0d1a22acc63c795558a27bbda519a75a0
-
SSDEEP
49152:VnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA3H1plAHI:Z8qPoBhz1aRxcSUDk36SAiVp2HI
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3348) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\692e0c825e4e95263114d2d7f24e78a0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\692e0c825e4e95263114d2d7f24e78a0_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\692e0c825e4e95263114d2d7f24e78a0_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\692e0c825e4e95263114d2d7f24e78a0_JaffaCakes118.exe -m security1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\tasksche.exeFilesize
3.4MB
MD5d9f70892fa3ebe3d7ef2f54f2b306f1c
SHA19e7434c1e61cefe6a7c4a3200f7b0d7fbd9c2d2d
SHA256ce01ac1f33e0ccc464bcd05de24059cfde7149362ce9773c041630510a38a47e
SHA512ecb310563f1ee8a6a789f47006899cae20caa760dddfcad2155c9f557e5f1f7d982a51ffaa648bc20a1e7f780f22d6bf57e64a5f9915b825c44955a071d3d777