General

  • Target

    62186952d7ebb8df7124e96b530e0506JaffaCakes118

  • Size

    3.6MB

  • Sample

    240523-asbk3aeh53

  • MD5

    62186952d7ebb8df7124e96b530e0506

  • SHA1

    8b37c0307a823ca8abc3774f3426e6af8299fe86

  • SHA256

    ecc73f2f7a65a80ef14951805739c7f31b6eab21245b64823adf5cdb8fa2cf9a

  • SHA512

    b35b745c9bde4f0be4c1e9b8211e64011ffdb7e4a5418084db2059658898477b41c55d583214975dddb7b1d0bdab84d8206723366cfb2b3663a1f8fb8d227471

  • SSDEEP

    49152:XnAQqMSPbcXR2HeKIItNnd+TSqTdX1HkQo6SAAF:XDqPoiIItxdcSUDk36SA2

Targets

    • Target

      62186952d7ebb8df7124e96b530e0506JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3296) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
