Overview

overview

10

Static

static

3

fde5064159...18.exe

windows7-x64

10

fde5064159...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fde5064159734ca55bb4ec6795c630e1_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240929-gah1ra1gnr

  • MD5

    fde5064159734ca55bb4ec6795c630e1

  • SHA1

    9eaec009d6e7a3005c5128c551fea62f89e2cfc2

  • SHA256

    ae70a934a5fb6aa90bedbfcd69d86be55c260696c2301d4bb15e7f5006198e06

  • SHA512

    39c6d436ebc9d33d34131ae308fc6a1dce6eba792b824407824e0182049cf32ed3341a698f1feed2abcdfaf6735163ae8559a0b53fe8d47e07c7d6e2d6201675

  • SSDEEP

    98304:8DqPoBhz1aRxcSUDk36SAEdhvxWa9P59Uc/J:8DqPe1Cxcxk3ZAEUadv

Score
10/10
wannacrydiscoveryevasionransomwareworm

Malware Config

Targets

    • Target

      fde5064159734ca55bb4ec6795c630e1_JaffaCakes118

    • Size

      3.6MB

    • MD5

      fde5064159734ca55bb4ec6795c630e1

    • SHA1

      9eaec009d6e7a3005c5128c551fea62f89e2cfc2

    • SHA256

      ae70a934a5fb6aa90bedbfcd69d86be55c260696c2301d4bb15e7f5006198e06

    • SHA512

      39c6d436ebc9d33d34131ae308fc6a1dce6eba792b824407824e0182049cf32ed3341a698f1feed2abcdfaf6735163ae8559a0b53fe8d47e07c7d6e2d6201675

    • SSDEEP

      98304:8DqPoBhz1aRxcSUDk36SAEdhvxWa9P59Uc/J:8DqPe1Cxcxk3ZAEUadv

    Score
    10/10
    wannacrydiscoveryransomwarewormevasion

    • Modifies firewall policy service

      evasion

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Contacts a large (3088) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in Drivers directory

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks