General

  • Target

    63a991006af2616ad323958bbd347c90_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240521-r3t9lahd89

  • MD5

    63a991006af2616ad323958bbd347c90

  • SHA1

    cc0d90b22aa8053ea9e132889bca45e43ca900ac

  • SHA256

    253d832ea20c6faee0825c1926b2412686c83f9f1521a7817bd91df1ae0208e6

  • SHA512

    ac5abaf38c705713051debaf9f0133ee26eb53aff619e9a747d916b4861abf254a0cacd45b76207053e5fd849127716526779b856b4507102dfd63b819bf2144

  • SSDEEP

    49152:SnAQqMSPbcBV3GGafYzflm+fZTFZIGayscOqd2vC0+KtARUbfMpr7WvCS:+DqPoBQ+iUP0e9y0lWCS

Targets

    • Target

      63a991006af2616ad323958bbd347c90_JaffaCakes118

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3138) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
