General

  • Target

    67a68b7590cf26ab01bd1ec684d61203_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240522-sb21ssfb6t

  • MD5

    67a68b7590cf26ab01bd1ec684d61203

  • SHA1

    d801634c4b483386d893962495e8b8661e425380

  • SHA256

    134fc93ba99c0eb86bdfcc81241c2d5c5c664e59e93e64a249893de2babd9db0

  • SHA512

    584102e491919cb6522902bab41d806c9e3e7980ea4f8d9883fe8bd2a7e6f48765a73eb0d7f2765a001ed1450cefea09fdd63245117c43c7434e13a7adf7ea97

  • SSDEEP

    98304:+DqPoBhz1aRxcSUZk36SAEdx0B6GIk9BSa:+DqPe1Cxc7k3ZAEX0B6GIk9BSa

Malware Config

Targets

    • Target

      67a68b7590cf26ab01bd1ec684d61203_JaffaCakes118

    • Size

      5.0MB

    • MD5

      67a68b7590cf26ab01bd1ec684d61203

    • SHA1

      d801634c4b483386d893962495e8b8661e425380

    • SHA256

      134fc93ba99c0eb86bdfcc81241c2d5c5c664e59e93e64a249893de2babd9db0

    • SHA512

      584102e491919cb6522902bab41d806c9e3e7980ea4f8d9883fe8bd2a7e6f48765a73eb0d7f2765a001ed1450cefea09fdd63245117c43c7434e13a7adf7ea97

    • SSDEEP

      98304:+DqPoBhz1aRxcSUZk36SAEdx0B6GIk9BSa:+DqPe1Cxc7k3ZAEX0B6GIk9BSa

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3287) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks