General

  • Target

    de4e13b6b78a818f7a2f8085094565b8_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240913-psslxa1cnl

  • MD5

    de4e13b6b78a818f7a2f8085094565b8

  • SHA1

    79fbb145ad91ef777f4bdb7d3d31b22d469e05bb

  • SHA256

    ae65ff5a612f13d7755bca2ff5dfd5e0161a85eb893c4285b7b4b3f02c97d005

  • SHA512

    84a08e07f36d6dd38ce87c8568f52a22219b602e8ad809443783cc181a3cc2bc6c9a33f68f95b4450caf71de4b9d69224d5d3e6b4147fff480972d62d76802c2

  • SSDEEP

    98304:d8qPoBhz1aRxcSUDk36SAEdhvxWa9wp2H:d8qPe1Cxcxk3ZAEUaq4H

Targets

    • Target

      de4e13b6b78a818f7a2f8085094565b8_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3291) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
