General

  • Target

    5597a3124d8b5532be08bf3dfe8ff4fb_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240518-thjy8sbd7y

  • MD5

    5597a3124d8b5532be08bf3dfe8ff4fb

  • SHA1

    6bceaba53120614c6aff23f935966f038bf2b244

  • SHA256

    753499a1d63d0875bf074feb0c9d81a6936fa7d1e5e0cc9acdf47cc1caeaa0a5

  • SHA512

    061f1e0ae7f79cf6319c66fb8ef92b637dae0d1581d502b49807f44373e7650374b4241b35949eaf0ca159874ac25f214300e005556725b94e0a0506de2d05c5

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:+DqPoBhz1aRxcSUDk36SA

Targets

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3302) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
