General

  • Target

    71355278822a182bc126997e58f45408_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240525-hxtansab75

  • MD5

    71355278822a182bc126997e58f45408

  • SHA1

    6a009f7b1efa74d9d245766a221a18624196792d

  • SHA256

    8310a6ae79b932a727b088c7310f7183df78f9be4451f21968ce04d1f320a093

  • SHA512

    1435771cb22ec7647545246a551c6fca7a2f21e931b3afc4f3cc4efc83cd1f4bb49f20782f4e914754c30556c4a85126eb29c7d46f04c643d3aca02a5b44a9b3

  • SSDEEP

    12288:yebLgPlu+QhMbaIMu7L5NVErCA4z2g6rTcbckPU82900Ve7zw+K+DOaq1SK662Q:zbLgddQhfdmMSirYbcMNgef0lz662

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3169) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
