General
-
Target
9d998584fbf16bf034b7fb71e79d8575_JaffaCakes118
-
Size
5.0MB
-
Sample
240611-k5la5ssbrp
-
MD5
9d998584fbf16bf034b7fb71e79d8575
-
SHA1
ebf50f397afce4e7ad5cebce065261ad750c2aba
-
SHA256
fea38ad86326cec84e4ca8da0d4ead6813cc98168e873437f1cf0a24f4560a32
-
SHA512
0c58dcf7258bc5bc8a2e8e3a87b7b9cb056759e9953ae99f3932a9b68229bd769725e6352cfaad36f9e23f878a21605ed57092bd93ad4e964a80cc4f128e5134
-
SSDEEP
49152:AnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAZ0vZ6GIkX:ADqPoBhz1aRxcSUDk36SAc0B6GIkX
Malware Config
Targets
-
-
Target
9d998584fbf16bf034b7fb71e79d8575_JaffaCakes118
-
Size
5.0MB
-
MD5
9d998584fbf16bf034b7fb71e79d8575
-
SHA1
ebf50f397afce4e7ad5cebce065261ad750c2aba
-
SHA256
fea38ad86326cec84e4ca8da0d4ead6813cc98168e873437f1cf0a24f4560a32
-
SHA512
0c58dcf7258bc5bc8a2e8e3a87b7b9cb056759e9953ae99f3932a9b68229bd769725e6352cfaad36f9e23f878a21605ed57092bd93ad4e964a80cc4f128e5134
-
SSDEEP
49152:AnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAZ0vZ6GIkX:ADqPoBhz1aRxcSUDk36SAc0B6GIkX
Score10/10-
Modifies firewall policy service
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (2640) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-