Overview

overview

10

Static

static

3

f5edfb2c73...18.dll

windows7-x64

10

f5edfb2c73...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5edfb2c732e903f70e6f59b95b11337_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240925-nr7h1awgjd

  • MD5

    f5edfb2c732e903f70e6f59b95b11337

  • SHA1

    896bee860f09bd7a8afe993ea4e5930ebe1d0184

  • SHA256

    883724cb261e190d56d9d07b33538157d4f9cb8c1c0b8f943058444544ddfe7d

  • SHA512

    c1283596f13b3d5b64f1dcc88d55fd06e6ff3a1444787b09639e3e6bf6f3b6b723ab927c37d7eec55cd1277da33823584b224ccbf207f506b55e220c41b3dd78

  • SSDEEP

    49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAME:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P5

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Targets

    • Target

      f5edfb2c732e903f70e6f59b95b11337_JaffaCakes118

    • Size

      5.0MB

    • MD5

      f5edfb2c732e903f70e6f59b95b11337

    • SHA1

      896bee860f09bd7a8afe993ea4e5930ebe1d0184

    • SHA256

      883724cb261e190d56d9d07b33538157d4f9cb8c1c0b8f943058444544ddfe7d

    • SHA512

      c1283596f13b3d5b64f1dcc88d55fd06e6ff3a1444787b09639e3e6bf6f3b6b723ab927c37d7eec55cd1277da33823584b224ccbf207f506b55e220c41b3dd78

    • SSDEEP

      49152:JnjQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAME:d8qPoBhz1aRxcSUDk36SAEdhvxWa9P5

    Score
    10/10
    wannacrydiscoveryransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3187) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks