General

  • Target

    dcbe1e887c121da0cebd9e40892f8a2e_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240912-wdzj8swdqk

  • MD5

    dcbe1e887c121da0cebd9e40892f8a2e

  • SHA1

    3cf0e920dd8969ed039c1ee82fa3f00bf48e0e18

  • SHA256

    c30e2080d3e7fc40e6078c4bad6618bbed86f2b17e7ab6ef11c391999605210a

  • SHA512

    bfafa9a297ff5b21a2cf56ae6a1e5f0fd59b2c5f427b9811f28f1b2e565a37c85c503cf22d2a7c2891753935fc04d0ec60443b8e93e906c9edc5a36b23a440dd

  • SSDEEP

    6144:GE9l9yNqIYVTH5DgSg8ajldktM0XXrs2Qh2I:GwbLgPluxQh2I

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3230) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
