Overview

overview

10

Static

static

3

cf8b93b7cd...18.dll

windows7-x64

10

cf8b93b7cd...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf8b93b7cdc5a160a13ba9005cc1a22a_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240906-ps4deaxbrh

  • MD5

    cf8b93b7cdc5a160a13ba9005cc1a22a

  • SHA1

    afc4386ff1244833febc67bded46fc3be2aea644

  • SHA256

    e937c20a96c0d4df624432e70de793f9854b2df1be1fc67e9a18133177056861

  • SHA512

    c18c7a9bc36f990bb2b9223e74a867454eae7acae3e6b2b99ee2c84c4a9c540047f825f3b17203a85f00a4c9c2e3c95c931309acc1da2f097c145454cddd10b5

  • SSDEEP

    98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxcxk3ZAEUadzR8yc4H

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      cf8b93b7cdc5a160a13ba9005cc1a22a_JaffaCakes118

    • Size

      5.0MB

    • MD5

      cf8b93b7cdc5a160a13ba9005cc1a22a

    • SHA1

      afc4386ff1244833febc67bded46fc3be2aea644

    • SHA256

      e937c20a96c0d4df624432e70de793f9854b2df1be1fc67e9a18133177056861

    • SHA512

      c18c7a9bc36f990bb2b9223e74a867454eae7acae3e6b2b99ee2c84c4a9c540047f825f3b17203a85f00a4c9c2e3c95c931309acc1da2f097c145454cddd10b5

    • SSDEEP

      98304:dDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:dDqPe1Cxcxk3ZAEUadzR8yc4H

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3325) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks