General

  • Target

    6671a8c1f7db3f146f562b114219a57b_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240522-h4wdlsga38

  • MD5

    6671a8c1f7db3f146f562b114219a57b

  • SHA1

    871c6d5567b8b0999be568f23672915836cd8c41

  • SHA256

    9209b7bf78a3e064358626d59b608cf90e4913e3ed6cc0482b845c14ed8837db

  • SHA512

    71236eca5b638952c2084020547596edbded3f1c4ca5e12bf0ce5cd6d56b38cf46746d0c2cc21c8c16b86770067c92e701f8973883ffa2d73dee68c17299573d

  • SSDEEP

    49152:SnAQqMSPbcBVQCj/1INUusG5VoEYVrG2SY7Vp/XNg:+DqPoBtz1aUZLFy2V1

Targets

    • Target

      6671a8c1f7db3f146f562b114219a57b_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3221) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
