General

  • Target

    dc2652699bfb0a04b639db5b7ea17f99_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240912-k5sp8azhkj

  • MD5

    dc2652699bfb0a04b639db5b7ea17f99

  • SHA1

    bf5e71c716c8a6a3632a1f0ca631faf942ce0b9e

  • SHA256

    993e5aec92db5f75b29d8f25ede03682f41f5a1e0dff2891a468dd29fd495911

  • SHA512

    f65a9b62c282b21e1d2237ced8b8fafb242e22a917222fc00250b2fa56bd7a3d0cc7a8ecf6540d8f7b0d0c5bbb46ecf892ad347f96f64e7b0e84de6f00a56a31

  • SSDEEP

    98304:+DqPoBhz1aRxcSUDk36SA+4sssPRh5EXaeCpL4:+DqPe1Cxcxk3ZAyRhWXaN4

Targets

    • Target

      dc2652699bfb0a04b639db5b7ea17f99_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3205) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
