Resubmissions
25-06-2024 09:40
240625-lnlq1ssbmc 10Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
25-06-2024 09:40
General
-
Target
0d95f3f64e7782ec7acd3a1b76c276a6_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
0d95f3f64e7782ec7acd3a1b76c276a6
-
SHA1
c9301e03c44831417d5afad96921e565577c08cf
-
SHA256
0b352401619b8b6375dd37ba94a8b73526f428631ac12145858a94ce354b5ddc
-
SHA512
2e0c5066169488d18fe4dd4981e90066ddf66ab0aa2dab41aecd0e444e595894bd418ab896503d4b2fbee98f9c13506911561e11f881117a74e9e1017eca6eb0
-
SSDEEP
24576:RbLguriIfEcQdIVUacMNgef0QeQjG/D8kIqRYoAdNLK:RnpEKUacBVQej/1IN
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2731) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 3 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory 4 IoCs
-
Drops file in Windows directory 4 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0d95f3f64e7782ec7acd3a1b76c276a6_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0d95f3f64e7782ec7acd3a1b76c276a6_JaffaCakes118.dll,#12⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe -m security1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.2MB
MD5be31aaec48f653b49a4ef8d9f4718bac
SHA102d1ec8b78ac096f5f175e1e11c47411b2088f4a
SHA25615fd3b514b40082951c33e3a0b6b1164bd244ca0806162a3ebc61c90ab39d98d
SHA512c3f428639b8008ba06c1a230ec0742f5b06b04f7e0fd7b4770641d9c19b880bcd3f65a45154fa26d2684f052fe014c479a28dc94756142322805679e00d104ad
-
Filesize
2.0MB
MD5523fced1367557eff377b4795b8f9e83
SHA17caf8700303a20d1836e33ba45bd722207a46c8f
SHA256a82524f5d7849444d4c2228c831205a288863f4d21422e7eac593ae191c32c31
SHA512d0d53dc64c84a112c61381204eade9f8e1890e52aba110b40804b2d373255b7ba5e02f34bb55e3e8727f8a0e524aff1a2780daaa2b16946fcb05ae67e338e3f4