Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
07-07-2024 02:07
General
-
Target
29a9dd686f08aacddacc43a0c57215f2_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
29a9dd686f08aacddacc43a0c57215f2
-
SHA1
3ed8902c24568adafc3ac35d9b4c92ba02406e8c
-
SHA256
02e4a7ebf81840f41a3c8b5e330a37977b7783120ed12deca77d30825266810d
-
SHA512
28234611882e8facdb6feb0072d72d4c8790d57a2b5eba33074f914a0a04ee4d95f50a4c9038c04526db37b5678e5d53363fb3f0ea168e13d948aa950e0fc4d4
-
SSDEEP
12288:T1bLgmluCti62ybaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DuGEpGCsrp:RbLgurihdmMSirYbcMNgef0j6n
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2097) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\29a9dd686f08aacddacc43a0c57215f2_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\29a9dd686f08aacddacc43a0c57215f2_JaffaCakes118.dll,#12⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe -m security1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.2MB
MD5b304073942fba0ddb2c4e201e6a56afe
SHA13d11a91ce696461e97b21a138bed49004861df83
SHA256b8a9a06be3f08243eb994503369be36ed71701b28c07dd98d84ed8f434de0a6d
SHA512d02d8eeecad65b2a118098373b2eda96de9d4c061cfda3aaccda91b272ab9b8b6de24b3a99cc4d7c61a34c879af5a3df08f6ce618441f9f27433eadccee9b088