Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
24/08/2024, 02:01 UTC
General
-
Target
bdcaf7ef34cd9b02932e5ee2297e4893_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
bdcaf7ef34cd9b02932e5ee2297e4893
-
SHA1
0a29bcc5c829e276d06ea92919de2740b938691c
-
SHA256
8d0c9d2e438f33dd7806ed8017baa1f114b6157f9f0eb1fb5d3b59351609120c
-
SHA512
8c0fbf6444aee59f47ab4f6f9c0f0182db3c332c35725a32757055bdc522ef8e192f7ca2fbe7fe080c3a12090030e58bdce179fe0c2b2d0eeaa387c7c5aba81d
-
SSDEEP
24576:RbLgurihdmMSirYbcMNgef0QeQjG/D8kIqRYoAdNLKz66:RnnMSPbcBVQej/1INR
Score
10/10
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2084) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 24 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bdcaf7ef34cd9b02932e5ee2297e4893_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bdcaf7ef34cd9b02932e5ee2297e4893_JaffaCakes118.dll,#12⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
-
-
C:\WINDOWS\mssecsvr.exeC:\WINDOWS\mssecsvr.exe -m security1⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
Network
-
DNSwww.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comRemote address:8.8.8.8:53Requestwww.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comIN AResponsewww.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comIN A103.224.212.215
-
103.224.212.215:80www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
-
103.224.212.215:80www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
-
104.177.197.148:445
-
10.127.0.1:445 -
10.127.1.1:445
-
10.127.3.1:445
-
10.127.8.1:445
-
10.127.2.1:445
-
10.127.9.1:445
-
10.127.4.1:445
-
10.127.5.1:445
-
10.127.6.1:445
-
10.127.7.1:445
-
10.127.10.1:445
-
7.72.13.14:445
-
10.127.11.1:445
-
10.127.12.1:445
-
10.127.13.1:445
-
10.127.14.1:445
-
10.127.15.1:445
-
10.127.17.1:445
-
53.250.68.23:445 -
10.127.19.1:445
-
10.127.16.1:445
-
123.98.29.112:445 -
10.127.18.1:445
-
10.127.20.1:445
-
10.127.21.1:445
-
10.127.22.1:445
-
10.127.24.1:445
-
10.127.26.1:445
-
10.127.29.1:445
-
10.127.23.1:445
-
10.127.31.1:445
-
10.127.25.1:445
-
10.127.27.1:445
-
10.127.28.1:445
-
10.127.30.1:445
-
10.127.32.1:445
-
101.143.193.31:445 -
158.198.192.199:445
-
10.127.33.1:445
-
10.127.36.1:445
-
10.127.35.1:445
-
98.43.61.94:445
-
10.127.37.1:445
-
10.127.34.1:445
-
10.127.43.1:445
-
10.127.39.1:445
-
156.184.25.119:445 -
10.127.42.1:445
-
10.127.38.1:445
-
189.73.49.247:445 -
10.127.40.1:445
-
10.127.41.1:445
-
10.127.44.1:445
-
10.127.45.1:445
-
10.127.46.1:445
-
10.127.47.1:445
-
10.127.48.1:445
-
10.127.49.1:445
-
10.127.50.1:445
-
10.127.51.1:445
-
10.127.52.1:445
-
10.127.53.1:445
-
189.26.95.232:445
-
10.127.54.1:445
-
100.113.12.144:445
-
4.43.228.196:445
-
10.127.55.1:445
-
10.127.56.1:445
-
10.127.57.1:445
-
143.76.29.242:445
-
10.127.61.1:445
-
197.6.134.4:445 -
10.127.63.1:445
-
10.127.62.1:445
-
123.123.55.9:445
-
10.127.58.1:445
-
10.127.60.1:445
-
10.127.59.1:445
-
68.32.237.251:445
-
10.127.65.1:445
-
10.127.67.1:445
-
10.127.64.1:445
-
10.127.66.1:445
-
10.127.68.1:445
-
10.127.69.1:445
-
10.127.70.1:445
-
10.127.71.1:445
-
215.6.30.110:445
-
10.127.72.1:445
-
10.127.73.1:445
-
10.127.74.1:445
-
10.127.75.1:445
-
204.38.173.7:445
-
149.63.97.226:445 -
106.214.248.131:445 -
170.114.176.127:445 -
10.127.77.1:445
-
10.127.79.1:445
-
10.127.80.1:445
-
172.165.145.149:445
-
10.127.82.1:445
-
163.96.159.209:445 -
10.127.84.1:445
-
10.127.81.1:445
-
221.7.144.175:445
-
10.127.76.1:445
-
10.127.78.1:445
-
24.60.82.72:445
-
10.127.83.1:445
-
10.127.85.1:445
-
10.127.86.1:445
-
10.127.87.1:445
-
10.127.88.1:445
-
10.127.89.1:445
-
10.127.90.1:445
-
179.99.128.86:445
-
10.127.91.1:445
-
10.127.92.1:445
-
10.127.93.1:445
-
17.131.242.144:445
-
10.127.96.1:445
-
180.108.17.203:445
-
10.127.97.1:445
-
10.127.94.1:445
-
212.169.104.205:445 -
10.127.95.1:445
-
10.127.98.1:445
-
160.92.192.122:445
-
59.212.28.185:445
-
10.127.100.1:445
-
195.220.52.17:445
-
215.207.36.228:445
-
10.127.106.1:445
-
10.127.108.1:445
-
206.82.48.126:445
-
10.127.101.1:445
-
10.127.102.1:445
-
10.127.99.1:445
-
210.179.140.157:445 -
10.127.105.1:445
-
10.127.103.1:445
-
10.127.104.1:445
-
10.127.107.1:445
-
10.127.109.1:445
-
131.201.186.0:445
-
174.57.92.218:445
-
10.127.110.1:445
-
10.127.111.1:445
-
10.127.112.1:445
-
190.120.27.22:445 -
10.127.114.1:445
-
27.105.118.127:445 -
10.127.116.1:445
-
10.127.117.1:445
-
48.43.226.20:445
-
10.127.113.1:445
-
10.127.115.1:445
-
166.194.10.157:445
-
192.147.102.230:445
-
185.229.147.86:445 -
42.148.235.33:445
-
10.127.120.1:445
-
10.127.121.1:445
-
10.127.122.1:445
-
43.180.109.216:445
-
10.127.118.1:445
-
10.127.119.1:445
-
47.117.67.115:445
-
10.127.127.1:445
-
10.127.125.1:445
-
66.81.183.39:445 -
10.127.124.1:445
-
10.127.131.1:445
-
10.127.123.1:445
-
10.127.126.1:445
-
10.127.128.1:445
-
10.127.129.1:445
-
10.127.130.1:445
-
52.232.51.106:445 -
77.4.100.236:445
-
200.106.170.79:445
-
40.118.100.47:445
-
128.109.68.60:445
-
10.127.134.1:445
-
161.247.122.30:445
-
10.127.138.1:445
-
144.86.90.135:445 -
10.127.137.1:445
-
30.174.49.241:445
-
10.127.135.1:445
-
10.127.139.1:445
-
73.228.170.213:445
-
10.127.136.1:445
-
10.127.140.1:445
-
97.185.13.87:445
-
10.127.133.1:445
-
79.77.131.174:445
-
148.239.60.246:445 -
10.127.141.1:445
-
10.127.142.1:445
-
10.127.132.1:445
-
49.158.51.138:445
-
10.127.144.1:445
-
10.127.143.1:445
-
10.127.147.1:445
-
21.213.132.181:445
-
10.127.145.1:445
-
10.127.146.1:445
-
10.127.148.1:445
-
10.127.149.1:445
-
10.127.150.1:445
-
10.127.151.1:445
-
10.127.152.1:445
-
168.93.201.200:445
-
17.251.45.14:445
-
10.127.153.1:445
-
197.119.9.176:445 -
99.251.91.73:445 -
203.175.173.237:445
-
146.136.163.95:445 -
10.127.158.1:445
-
10.127.155.1:445
-
146.122.135.7:445
-
10.127.160.1:445
-
192.228.45.122:445
-
141.160.171.22:445
-
10.127.161.1:445
-
10.127.154.1:445
-
10.127.157.1:445
-
212.236.201.184:445 -
37.37.135.119:445 -
10.127.156.1:445
-
10.127.163.1:445
-
45.113.208.63:445
-
10.127.162.1:445
-
19.156.168.149:445
-
10.127.159.1:445
-
139.85.194.39:445
-
10.127.164.1:445
-
10.127.168.1:445
-
163.142.43.4:445
-
10.127.165.1:445
-
10.127.166.1:445
-
10.127.167.1:445
-
10.127.169.1:445
-
10.127.170.1:445
-
46.140.250.74:445
-
10.127.171.1:445
-
10.127.172.1:445
-
10.127.173.1:445
-
184.105.218.125:445
-
169.31.221.68:445
-
10.127.175.1:445
-
140.64.217.198:445
-
16.128.134.240:445
-
213.72.138.39:445
-
47.199.228.100:445
-
10.127.174.1:445
-
10.127.176.1:445
-
40.143.42.41:445
-
132.21.129.175:445
-
10.127.177.1:445
-
10.127.178.1:445
-
10.127.180.1:445
-
155.123.69.197:445
-
160.3.102.91:445
-
10.127.181.1:445
-
10.127.179.1:445
-
7.122.215.94:445
-
7.45.175.209:445
-
11.212.199.250:445
-
10.127.184.1:445
-
29.112.85.190:445
-
10.127.183.1:445
-
10.127.185.1:445
-
186.62.104.195:445 -
199.245.153.145:445
-
10.127.182.1:445
-
197.167.127.238:445
-
10.127.186.1:445
-
10.127.187.1:445
-
10.127.188.1:445
-
10.127.189.1:445
-
216.142.120.95:445
-
10.127.190.1:445
-
10.127.191.1:445
-
136.23.210.214:445
-
196.120.228.63:445 -
121.142.170.175:445
-
169.228.224.89:445
-
10.127.192.1:445
-
10.127.193.1:445
-
194.67.28.48:445 -
143.4.93.93:445
-
10.127.197.1:445
-
10.127.194.1:445
-
83.105.219.36:445
-
6.18.204.7:445
-
10.127.196.1:445
-
104.114.145.55:445
-
10.127.195.1:445
-
165.185.139.31:445
-
110.141.246.7:445 -
10.127.198.1:445
-
10.127.201.1:445
-
178.185.202.231:445
-
184.81.91.214:445
-
10.127.199.1:445
-
199.96.52.178:445
-
173.78.30.43:445
-
10.127.202.1:445
-
10.127.200.1:445
-
95.168.29.237:445
-
10.127.203.1:445
-
91.57.49.18:445
-
10.127.205.1:445
-
149.180.85.0:445
-
189.124.23.44:445
-
10.127.204.1:445
-
10.127.206.1:445
-
10.127.207.1:445
-
10.127.208.1:445
-
97.228.239.238:445
-
10.127.209.1:445
-
106.49.251.150:445
-
87.100.146.134:445 -
130.24.134.98:445
-
1.196.47.210:445
-
55.24.28.215:445
-
10.127.214.1:445
-
10.127.216.1:445
-
42.94.65.145:445
-
142.28.45.67:445
-
155.128.180.3:445
-
10.127.217.1:445
-
91.39.204.240:445
-
10.127.215.1:445
-
10.127.212.1:445
-
207.9.95.230:445
-
10.127.213.1:445
-
147.7.156.119:445 -
168.132.51.178:445
-
100.220.35.81:445
-
79.180.122.13:445 -
10.127.223.1:445
-
175.56.79.143:445
-
168.160.80.60:445
-
10.127.222.1:445
-
10.127.210.1:445
-
10.127.224.1:445
-
86.251.78.191:445
-
30.141.74.52:445
-
123.240.34.65:445
-
10.127.220.1:445
-
10.127.211.1:445
-
97.76.126.171:445
-
10.127.225.1:445
-
10.127.229.1:445
-
185.234.230.34:445
-
10.127.218.1:445
-
10.127.219.1:445
-
10.127.221.1:445
-
10.127.226.1:445
-
10.127.227.1:445
-
10.127.228.1:445
-
10.127.230.1:445
-
222.249.161.253:445
-
48.46.133.21:445
-
46.245.58.146:445 -
10.127.231.1:445
-
10.127.232.1:445
-
166.162.176.117:445
-
112.224.128.85:445
-
172.241.108.10:445
-
10.127.235.1:445
-
100.62.39.188:445
-
10.127.233.1:445
-
45.4.169.9:445 -
107.128.201.50:445
-
149.87.134.84:445
-
10.127.234.1:445
-
10.127.240.1:445
-
137.60.71.126:445 -
10.127.236.1:445
-
10.127.237.1:445
-
10.127.238.1:445
-
10.127.239.1:445
-
10.127.241.1:445
-
90.73.59.113:445
-
189.189.193.179:445
-
36.224.73.74:445
-
214.80.62.223:445
-
165.54.196.176:445 -
10.127.242.1:445
-
10.127.243.1:445
-
36.108.71.88:445
-
10.127.244.1:445
-
216.30.172.142:445
-
10.127.245.1:445
-
10.127.246.1:445
-
10.127.247.1:445
-
67.76.232.109:445
-
200.200.188.113:445
-
10.127.248.1:445
-
10.127.249.1:445
-
10.127.250.1:445
-
31.18.75.150:445
-
3.143.209.175:445
-
10.127.251.1:445
-
129.250.27.50:445
-
10.127.252.1:445
-
181.57.228.153:445 -
81.75.75.174:445 -
175.49.163.33:445
-
30.137.32.209:445
-
130.99.160.89:445
-
199.164.151.220:445
-
35.179.185.57:445
-
95.182.105.176:445 -
10.127.253.1:445
-
72.18.137.122:445
-
23.140.53.84:445
-
10.127.255.1:445
-
117.34.148.159:445
-
10.127.0.2:445
-
83.30.67.198:445 -
102.137.83.32:445 -
10.127.254.1:445
-
10.127.1.2:445
-
10.127.2.2:445
-
10.127.3.2:445
-
10.127.4.2:445
-
10.127.5.2:445
-
10.127.6.2:445
-
153.3.249.243:445
-
10.127.7.2:445
-
144.68.4.189:445
-
118.84.247.233:445
-
188.166.223.127:445
-
206.171.119.38:445
-
38.129.215.138:445
-
79.28.70.185:445
-
10.127.8.2:445
-
10.127.9.2:445
-
169.1.36.27:445 -
10.127.10.2:445
-
5.90.131.22:445
-
10.127.11.2:445
-
10.127.12.2:445
-
166.198.40.160:445
-
10.127.13.2:445
-
203.107.72.39:445
-
200.176.218.237:445
-
10.127.14.2:445
-
10.127.15.2:445
-
149.48.216.0:445
-
212.36.149.57:445
-
109.99.29.234:445 -
44.251.183.17:445
-
218.222.241.136:445
-
161.23.110.93:445
-
73.253.175.196:445
-
10.127.16.2:445
-
10.127.18.2:445
-
153.126.11.6:445
-
30.234.20.159:445
-
195.198.34.126:445
-
110.102.78.73:445
-
209.227.5.84:445
-
10.127.19.2:445
-
40.31.75.215:445
-
10.127.22.2:445
-
47.119.83.247:445
-
10.127.23.2:445
-
10.127.17.2:445
-
10.127.20.2:445
-
10.127.21.2:445
-
10.127.24.2:445
-
201.171.167.244:445
-
10.127.25.2:445
-
10.127.26.2:445
-
10.127.27.2:445
-
35.182.62.169:445
-
161.243.139.222:445
-
10.127.28.2:445
-
103.100.216.182:445
-
10.127.29.2:445
-
45.7.74.173:445
-
184.36.238.41:445
-
17.23.175.208:445
-
173.46.246.100:445
-
152.23.214.204:445
-
139.96.197.115:445
-
10.127.30.2:445
-
128.175.27.8:445
-
10.127.31.2:445
-
8.8.8.8:53www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comdns
DNS Request
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
DNS Response
103.224.212.215
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.2MB
MD5b6fb8bd123bd0c46cc1a17a2775569b5
SHA166f8bf693d6e2a83e9be412ac884f1cc95e0f61f
SHA25628bbb171c2fa89f6750e793daa0b6e093531a559ed3873cc7014a241ae93f22c
SHA5124a857085593378d6079d7f4246451fff600f09461ae4faf33d9cc52c9510a7b7005379a89d38ce635df206078a28a90b00122ac8de34ab26e09af297df316a19