General

  • Target

    67fcc7df72b76127adce0d0fd8123841_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240522-vpgywsaa9t

  • MD5

    67fcc7df72b76127adce0d0fd8123841

  • SHA1

    98ac1e4b92c2d432b74b4658c109c13b6c9cc1ed

  • SHA256

    bd95ff37cb0adece2a0b80cb9d6d93f438639aced2f84a55347eab37e350ee67

  • SHA512

    1d681288295def6bc1bcc7e92e1c1d0577b4c2aaec84c0085a5182d0008a6c4409af6410d9a6eec2bad932aef82acf86861a362707f42bfd389612c36d8cc48e

  • SSDEEP

    49152:SnAQqMSPbcBVz+TSqTdX1HkQo6SAARdhnvxJM0H9:+DqPoBRcSUDk36SAEdhvxWa9

Malware Config

Targets

    • Target

      67fcc7df72b76127adce0d0fd8123841_JaffaCakes118

    • Size

      5.0MB

    • MD5

      67fcc7df72b76127adce0d0fd8123841

    • SHA1

      98ac1e4b92c2d432b74b4658c109c13b6c9cc1ed

    • SHA256

      bd95ff37cb0adece2a0b80cb9d6d93f438639aced2f84a55347eab37e350ee67

    • SHA512

      1d681288295def6bc1bcc7e92e1c1d0577b4c2aaec84c0085a5182d0008a6c4409af6410d9a6eec2bad932aef82acf86861a362707f42bfd389612c36d8cc48e

    • SSDEEP

      49152:SnAQqMSPbcBVz+TSqTdX1HkQo6SAARdhnvxJM0H9:+DqPoBRcSUDk36SAEdhvxWa9

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3159) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks