General

  • Target

    d9180a5abf3cbe6d832ca4c20f93fea3_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240910-1p59dayckh

  • MD5

    d9180a5abf3cbe6d832ca4c20f93fea3

  • SHA1

    208b4b343e4c29f3c25190d1741784e69d01b9a2

  • SHA256

    fc806101e3f446a9421bf149f04217f252c66eb383eea291300a550291eb27db

  • SHA512

    be657953a298022114c40a108d1b2cfd6ddce3e2722940b4f89f64eacab274f5a3dfe4848ada548d410f693e7de77a5c1dd63d92e3b905a5f577455276a38c26

  • SSDEEP

    49152:znAQqMSVhnvxJM0H9PAMEcaEau3R8yAH1plAH:TDqVhvxWa9P593R8yAVp2H

Targets

    • Target

      d9180a5abf3cbe6d832ca4c20f93fea3_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3265) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
