Overview

overview

10

Static

static

3

ebfb728ffd...18.dll

windows7-x64

10

ebfb728ffd...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ebfb728ffde51b0e9a3d38405074679a_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240919-xhq94avenj

  • MD5

    ebfb728ffde51b0e9a3d38405074679a

  • SHA1

    1e2c51318de80dd2cbb8bcc3f0fa22417d9a2bd1

  • SHA256

    9f8f4ebbd390496cd0e5e3a6a7d2463aee01ea04f7bfb5b21c71b3d4e046215c

  • SHA512

    38026242a37d7deecb2d71a32b0989cbd26718e244630bcd6a6b6939ed3848784949846a6c6ecd5ad8c6c6345099ce43c285fc3c3f91ae8fe64e85c96eea3db6

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SAEdhvxWao8yAVp2H:+DqPe1Cxcxk3ZAEUao8yc4H

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      ebfb728ffde51b0e9a3d38405074679a_JaffaCakes118

    • Size

      5.0MB

    • MD5

      ebfb728ffde51b0e9a3d38405074679a

    • SHA1

      1e2c51318de80dd2cbb8bcc3f0fa22417d9a2bd1

    • SHA256

      9f8f4ebbd390496cd0e5e3a6a7d2463aee01ea04f7bfb5b21c71b3d4e046215c

    • SHA512

      38026242a37d7deecb2d71a32b0989cbd26718e244630bcd6a6b6939ed3848784949846a6c6ecd5ad8c6c6345099ce43c285fc3c3f91ae8fe64e85c96eea3db6

    • SSDEEP

      98304:+DqPoBhz1aRxcSUDk36SAEdhvxWao8yAVp2H:+DqPe1Cxcxk3ZAEUao8yc4H

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3103) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks