Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
14-07-2024 06:26
General
-
Target
44ade454a487822f1c9d75aa7d8df907_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
44ade454a487822f1c9d75aa7d8df907
-
SHA1
c0df6b4099072a7ba157f1fb5f5cdaa763501382
-
SHA256
60dbd1084ec5ea6c826039b159aee2a561dd1229d7814328d4c501117a62fbde
-
SHA512
910655b47bd5795955f05750c08b88705381d001fe935c77bd426b760491e2b84070e1aebafc0233f7d3df19e2dc0109982cbd8f6dd1bc5cf69d699caa297027
-
SSDEEP
24576:RbLgurihdmMSirYbcMNgef0QeQjGqD8kIqaXmiHkdhAdmv:RnnMSPbcBVQejqGX1Hkdhnv
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2161) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\44ade454a487822f1c9d75aa7d8df907_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\44ade454a487822f1c9d75aa7d8df907_JaffaCakes118.dll,#12⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe -m security1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.2MB
MD5b5fad87d8da4d6a0343601c66693d3ac
SHA1cfe60a2cd6cd5ad10976ca9c4728d80bfe6feaa4
SHA256bfe0a67ccf3b227c2835bf90e0708cf37a092ef51aac2557509ce167da8a47bf
SHA5124dfc77c7a889214fa1ec8c0fb3625c9092631b70ebd28811d7b5e4727ffdccabbca10b6aa1cf0ebb2985f22c43cf7083aa887210cee6acf45127f62ef38c4161