General

  • Target

    49eeae61470c56ac4f23ababadbdf083_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240516-hx5npshc8t

  • MD5

    49eeae61470c56ac4f23ababadbdf083

  • SHA1

    27e3843fcee252f00297d1f5c38767f4a5fae897

  • SHA256

    5da42d132b68024b5587297bec06039bf925f5cf9df6f22e91ba98e7aa8bc737

  • SHA512

    2fbed46d35ed1b0a44ee7a90314837e6291c045b074e9ace3895719ef9e86eec47a1210b983b7ef9b967f71122bc743a3589eaeb29919cefeabc7ea3a46cdc3e

  • SSDEEP

    98304:yDqPoBhzUxcSUDk36SAEdhvxWa9P593R8yAVp2HI:yDqPeUxcxk3ZAEUadzR8yc4HI

Targets

    • Target

      49eeae61470c56ac4f23ababadbdf083_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3285) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
