General

  • Target

    69cd7c10338cce7839bb57986216d2d6_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240523-flwwbaee53

  • MD5

    69cd7c10338cce7839bb57986216d2d6

  • SHA1

    703ee08fbc9bbdca65c0ea8ab5ec7f3f8a5ffec6

  • SHA256

    3066ff4a93647a69c266cfc3e75b355c92c5947a78687513c65b8d335e60b18b

  • SHA512

    5457f9c42da87e67e40c12a4517491835a0fe5fb781f91e50a5c421bfb63bf183770518e0fd42ffb82dbda0d3d2296fc395ca8eef2d873e482d15a6f6ccddbe5

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SAEdhvxWa9P5bVp2H:+DqPe1Cxcxk3ZAEUad34H

Targets

    • Target

      69cd7c10338cce7839bb57986216d2d6_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3053) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
