General

  • Target

    7132eae1d2ab91a671d86a570bf63d99_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240525-ht941sab28

  • MD5

    7132eae1d2ab91a671d86a570bf63d99

  • SHA1

    a2ced89a4461bfab410c6129b48c9cdf1d0217b3

  • SHA256

    ece726d2ea8357094558db441fe71ec0bdc85ecf5ce625382f118711466264af

  • SHA512

    11b42cb4b2db128dd216adafce9917ee57ece1ba438c68fc342c3f5ef2c1fdeb5b9345cc15590c096a2f05389466bea00ec22497b05a327acb317c8b8f4a3cc3

  • SSDEEP

    49152:RnsEMSPbcBVQej/1INRx+TSqTdX1HkQo6S:1fPoBhz1aRxcSUDk36S

Targets

    • Target

      7132eae1d2ab91a671d86a570bf63d99_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3273) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
