General

  • Target

    56f5f986dea620bcf28e6d3578142d23_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240518-1ns8eshh56

  • MD5

    56f5f986dea620bcf28e6d3578142d23

  • SHA1

    b74134312a3fc48171f32ab00ac50798e0a32691

  • SHA256

    d599760e9af9f217d574e67cec0733c7adc5f96d7a1934e4bbea050f33e42960

  • SHA512

    cf2754cec156519706134f888c670bcb0f03c1c69165c923bdc1fe6307045cdc3439877c81f65eccb24b4f69e8cb91de892e2428721c3d0c5cadb220346a43ef

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEc0:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3194) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
