Overview

overview

10

Static

static

3

5b1e8f0413...18.exe

windows7-x64

10

5b1e8f0413...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b1e8f04135b5362ca85dfbe792c05b1_JaffaCakes118

  • Size

    3.7MB

  • Sample

    241019-gf845aserl

  • MD5

    5b1e8f04135b5362ca85dfbe792c05b1

  • SHA1

    d9df6321c85555045d0d27bf1c32c0165cff508e

  • SHA256

    1920772052aa9d0c768af3e71df062c9a96f795eed7e29eba20859113defbf1d

  • SHA512

    f66be42f9b502e6189853518cd9a8c63c62449bbebd2ce5cbf4949c3d9bed291f5c71f2b2f5941a350f2e6f6744c49829f7da8aba5b56dd3ddd11e782ceda726

  • SSDEEP

    98304:ZnGsCQ2ETK3oTToQ6pBjLmZOHmsiHW3vGEAdWiay:Q/LUK3KTqppLXG/+vGEAdWit

Score
10/10
wannacrydefense_evasiondiscoverypersistenceransomwarespywarestealerworm

Malware Config

Targets

    • Target

      5b1e8f04135b5362ca85dfbe792c05b1_JaffaCakes118

    • Size

      3.7MB

    • MD5

      5b1e8f04135b5362ca85dfbe792c05b1

    • SHA1

      d9df6321c85555045d0d27bf1c32c0165cff508e

    • SHA256

      1920772052aa9d0c768af3e71df062c9a96f795eed7e29eba20859113defbf1d

    • SHA512

      f66be42f9b502e6189853518cd9a8c63c62449bbebd2ce5cbf4949c3d9bed291f5c71f2b2f5941a350f2e6f6744c49829f7da8aba5b56dd3ddd11e782ceda726

    • SSDEEP

      98304:ZnGsCQ2ETK3oTToQ6pBjLmZOHmsiHW3vGEAdWiay:Q/LUK3KTqppLXG/+vGEAdWit

    Score
    10/10
    wannacrydefense_evasiondiscoverypersistenceransomwarespywarestealerworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

2
T1222

Windows File and Directory Permissions Modification

1
T1222.001

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks