General

  • Target

    de3c1185b81639f42fa0dce3064d14b9_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240913-m7bktszajh

  • MD5

    de3c1185b81639f42fa0dce3064d14b9

  • SHA1

    a246a3caab7b98c8fa95c81f42a299207885da6a

  • SHA256

    3ac96c4b9ae78707b2a3b7a47a08c62380b73ddec9a2e3633be582d0e5690456

  • SHA512

    5ec5097bfd6e4e229ddd25701373cf3e325b3dc4eef2f1d84e8074af144e4a08741fff12605b6eb4efe901d857db4f0a8d6d871d7015eaab6a1ad4f21c58242c

  • SSDEEP

    49152:SnAQqMSPbcBVQejvRdhQaEau3R8yAH1plAH:+DqPoBh1dhM3R8yAVp2H

Targets

    • Target

      de3c1185b81639f42fa0dce3064d14b9_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3246) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
