General

  • Target

    d91f7855e93b37beb95078d0213fe6c0_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240910-13kjtsyhnc

  • MD5

    d91f7855e93b37beb95078d0213fe6c0

  • SHA1

    4b02ec3393b58fc922fa0e33a50a7597fb1f2652

  • SHA256

    c5dcea9fb7b0f9017fc949b411d44bbf486fea0de66293c6d2df60d6b5443989

  • SHA512

    fde40fa23d579f408340f161f111206622757b25e1e1dbdff88d7d83a6e5ff4bd28e0c21dc468d20e828332def9da1362e786deef639bd23ef516bae1551b550

  • SSDEEP

    24576:SbLgddQhfdmMSirYbcMNgef09ME7A4kqAH1pNZtA0p+9XEk:SnAQqMSPbcBV9R8yAH1plAH

Targets

    • Target

      d91f7855e93b37beb95078d0213fe6c0_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3310) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
