General

  • Target

    d864a726081c0efb148b597a3bd94233_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240910-rx8j2azckf

  • MD5

    d864a726081c0efb148b597a3bd94233

  • SHA1

    9b662a6671fea44ae301f7970f375818e96d1052

  • SHA256

    1f04efbf85a2b196e5f696cb324936a0435effc516af128d32f1c101fe2640a8

  • SHA512

    015bf40553c861381434b43fa796cd5621b08ce10328b14f1719171de4bc81d00702fe444685f4903ec3abd7ffa75dd8f4f96e198cca2dc7b54b8477eb0ccff5

  • SSDEEP

    98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9P593d:TDqPe1Cxcxk3ZAEUadzd

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3337) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
