General

  • Target

    4b52472d77d4ad463b839822070b38aa_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240516-qtcgrafd95

  • MD5

    4b52472d77d4ad463b839822070b38aa

  • SHA1

    16c2dc68b60249b58efc629b4a7bb81fe3061613

  • SHA256

    c2d97f5bd1d30f542e60f21131f0493d27cfc10a444bc40327e72888f4637ca3

  • SHA512

    6be993a898fc00f5d7e4dc8da19810acddb8f916f1430140e10a1eda988ec692f489e092c739fd43a1afed6ad0e84ea0f2e1520e02378f2a0ba41efff479a505

  • SSDEEP

    98304:+DqboBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+Dqbe1Cxcxk3ZAEUadzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3193) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
