General

  • Target

    7120a143729288157fb3356fc60205bc_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240525-haeh1ahd65

  • MD5

    7120a143729288157fb3356fc60205bc

  • SHA1

    45b703b0353d71541c8abd6faea7e57c3adca5fb

  • SHA256

    a2764aa6b77f04df6ec82a911405ae75a9315093d1836091c386669f6da2cff5

  • SHA512

    4e5d49f7e5b3171e9488a660ee67847160144e428a8219311cd437a8df3c0c0fbd4be6a6d48c26b6a9a0d9db2f2fd3c4afc255c41a1a5a617799ae36d1ed6847

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SA8dhvxWa9P5FyAVp2H:+DqP21Cxcxk3ZA8Uadvyc4H

Targets

    • Target

      7120a143729288157fb3356fc60205bc_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3220) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
