Overview

overview

10

Static

static

3

a119f909f7...18.dll

windows7-x64

10

a119f909f7...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a119f909f723d75e958d1a8b4b7c7772_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240612-sjjt7azblh

  • MD5

    a119f909f723d75e958d1a8b4b7c7772

  • SHA1

    b9fa1802da17688666df58a5ac6b38e49603c19c

  • SHA256

    412d4635deca5e3f92f67f9e870d37c6ba3425f4dc5234b08d2abf84d2267f25

  • SHA512

    71fdb25be9ad09ce09ebdce9f1ba9920083f69aaf7f6001d1384d2f8ff4bd6126fefcccf9aa2c5200b4d43c6e14dc1828e2be00d49a1e09bdb6fde5b8785276a

  • SSDEEP

    49152:lnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM:pDqPoBhz1aRxcSUDk36SAEdhvxW

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      a119f909f723d75e958d1a8b4b7c7772_JaffaCakes118

    • Size

      5.0MB

    • MD5

      a119f909f723d75e958d1a8b4b7c7772

    • SHA1

      b9fa1802da17688666df58a5ac6b38e49603c19c

    • SHA256

      412d4635deca5e3f92f67f9e870d37c6ba3425f4dc5234b08d2abf84d2267f25

    • SHA512

      71fdb25be9ad09ce09ebdce9f1ba9920083f69aaf7f6001d1384d2f8ff4bd6126fefcccf9aa2c5200b4d43c6e14dc1828e2be00d49a1e09bdb6fde5b8785276a

    • SSDEEP

      49152:lnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM:pDqPoBhz1aRxcSUDk36SAEdhvxW

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3231) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks