Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-09-2024 13:50
General
-
Target
efeea1dc1f737548620a9d942b49f56b_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
efeea1dc1f737548620a9d942b49f56b
-
SHA1
8baf6e9a7f4413c38f8952abe2e242ee519afd16
-
SHA256
6e52be915d36b85beac21bbc7d03fc8aeb7e2acfc8f4877a3fa319936a2e2fb2
-
SHA512
341cbd9af4670c5b32fce44f2446d2fb566ad3cdb44e63559299aed726d18857ae7de11bd41fdc0ec57acd25a47fcc5ac401c0347551782b83065df8a833bf8d
-
SSDEEP
49152:znAQqMSPbcBVQvxJM0H9PAMEc6Eau3R8yAH1plAH:TDqPoB6xWa9P5h3R8yAVp2H
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (3346) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 3 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efeea1dc1f737548620a9d942b49f56b_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\efeea1dc1f737548620a9d942b49f56b_JaffaCakes118.dll,#12⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe3⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\WINDOWS\tasksche.exeC:\WINDOWS\tasksche.exe /i4⤵
- Executes dropped EXE
-
-
-
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe -m security1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3364,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.6MB
MD5839b0259ec2f9851354309dc7e76429e
SHA1c4cb1ced207bd12dd1d41f2e937a3f1601217367
SHA256bd856978c8a8aca2a5cbd853bfc730585ee6c6149f0a3150397d19f9434d36a5
SHA51212d83318f5c67866f1f45b0a5fd0fd5e0709fdc1de24c6a1f4af200c64c8a8e1313ea41cad1f3a0865c3eed0982e29bf53a3b7c77cba9c8ee4a51ed6e31d4176
-
Filesize
3.4MB
MD5a566ff92ef6b70b984646bb4779b6d57
SHA11559bb4d66394e107a7116936c5d3187e4e64f3b
SHA25639bf3b595cb0d3ac9b42270538430826737d29431139a1fadf9b98fea7effe3c
SHA5126d2ab9232640ea726f352ff104e0506b9f6f8e3ef3f5bcc32b4be20528ec70b98f12a3143046163fe567fd39dfef195a2160e1b4de40ec5ab500e5651db7bd71