Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26-08-2024 17:15
General
-
Target
c3771d736c9c8811ee5e44cbd533bc60_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
c3771d736c9c8811ee5e44cbd533bc60
-
SHA1
3001f0d67b254b9fac910b8dde2ee6bc29977b3a
-
SHA256
b10fedc2ddaeed43c2ca040123d060ec5af0fefc1a4ddc24f0b122b6734b8d86
-
SHA512
c7cb983880d3c730ed66ec7d437e55dfd2e16ba0cda82e9b09c25a845930e6240e4b774ddbaf7d0c1854cf20c085b1bfa668e4d39921e7563ef908b418416747
-
SSDEEP
98304:+8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2owc:+8qPe1Cxcxk3ZAEUadzR8yc4
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3296) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 3 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c3771d736c9c8811ee5e44cbd533bc60_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c3771d736c9c8811ee5e44cbd533bc60_JaffaCakes118.dll,#12⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i4⤵
- Executes dropped EXE
-
-
-
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe -m security1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4376,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.6MB
MD5cf12d9c5bc57c6383a318f8706b8ad43
SHA123160aca16fcfe713bf6a57be1d9d030434fb087
SHA25638d2b8c6e99de6bfc9cd5cd44d66123601e384caaaf0a885ab631c6ca156679f
SHA512a413d38c7c4b8c7cb4f96b077ac6fa37963f844a2910ee394b4c3adfcb62614d5f63b4ea6ce8aedd645fdd9bc1d464bee0972baab77c33e6301beb750e8c362d
-
Filesize
3.4MB
MD534e1278bb4509b217a58a294a596f1bb
SHA17aaf59e4b55c4f7f2095f98a16f1f196f7ce489f
SHA256548d1c00a50abc1fed1747c4008defea1e85486def98ba1d22849c09309c77da
SHA51247d24811a166abbc627ebef64e5cb8a88aa58f9a192f6f8020163702d566fd78947753cb47229f2a1bb591bcd3d012269277318e04db33575c76c1f1d5d2682d