General

  • Target

    db203ae97938b49c4d91cbb8a8f499f4_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240911-yr7twa1aja

  • MD5

    db203ae97938b49c4d91cbb8a8f499f4

  • SHA1

    cde7c674f61b2ddc7da3a405f8d7e717b7797787

  • SHA256

    162b17147eb863250d401a4c89baf8e7325456dd5406fbdca53538a8dfd6248e

  • SHA512

    2d3a1dab1ea7b9ed9e7f45086b1a1e166f32545bdc931a2b18df681cedf73f2f6662f74dd7f19250a23e76378d5fd7f859667ba421083e88b0d31478d0626435

  • SSDEEP

    49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9c:+DqPoBhz1aRxcSUDk36SAEdhvxWa9c

Targets

    • Target

      db203ae97938b49c4d91cbb8a8f499f4_JaffaCakes118

    • WannaCry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3302) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
