General

  • Target

    c307527207c6d89eb61b40d07d536058_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240826-p1wcrswamr

  • MD5

    c307527207c6d89eb61b40d07d536058

  • SHA1

    534aea4a2d00bd149758898903077e3c03692f5f

  • SHA256

    5215530ee738198b8d29b1a6d8499cb9fa1c25c93745e439656d9daccf75429f

  • SHA512

    591bafde69f3f7362e0b88a7ac86097da2c71bace9c1e1e3b75959edca60b47bb02b0b6fd8fd060416455ab290f8ff44bc667bd94536b414847df405e5f435c7

  • SSDEEP

    98304:+DQR1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DQR1Cxcxk3ZAEUadzR8yc4H

Targets

    • Target

      c307527207c6d89eb61b40d07d536058_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3131) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
