General

  • Target

    d9b74eee31998e83fdbda390976f0478_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240911-gcw1dsvfjl

  • MD5

    d9b74eee31998e83fdbda390976f0478

  • SHA1

    30cf09c8e6408832f906b9e599780c8152a6cc0d

  • SHA256

    e51312acc7bb484f92e75cd7815415bb0912fc69964f5b26db6b2a2a78ee220b

  • SHA512

    81f9df85b8988ce8072989b109b6249ffaf61c9e2ff76be161962e9a677e7b59463459da8a11feb681be5bd43103f3fad058fea1e1306feb9767994c6b2ee130

  • SSDEEP

    49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQ:TDqPoBhz1aRxcSUDk

Targets

    • Target

      d9b74eee31998e83fdbda390976f0478_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3282) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
