General

  • Target

    d7ad80f2f8d5b28983310cefffcf8878_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240910-gnnhdszajp

  • MD5

    d7ad80f2f8d5b28983310cefffcf8878

  • SHA1

    5e51b23489c64b155b653669fd8c7fa882bfe50a

  • SHA256

    1351f27d0b7e0d1f4700162d4f91dc93bb43a2aefa0ba22f86056bc6444a9703

  • SHA512

    1af14e752d5e8e492d3f0d576f78674b81b5f15a55474299e6200826a66446c17c0c44a40fc27c60d906d03fabf368287e3707e71b2d46c7e409109307f0cf87

  • SSDEEP

    98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P59:TDqPe1Cxcxk3ZAEUad

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3248) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
