General

  • Target

    df36dea50835289e2bfaa623724a5c23_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240914-behmwszbja

  • MD5

    df36dea50835289e2bfaa623724a5c23

  • SHA1

    d78fab0eeeca60fe2a4269ddc1e81b4b35472d01

  • SHA256

    f1e276efe42dcb89b2c061bb14c68c9db8d15bc1647f849475e1796992eacbf5

  • SHA512

    7281cd01b9a3efa41fd107abb55dbd3b0bdff92b7d42e51addd14998752a958dac3621f050a173adb5e753f53992861a3170577faddaf4fba8675bbb2a3d7ade

  • SSDEEP

    98304:TDqPoBhz1aRxcSUDk36SAEdhvnUxuxZwLFGjaOgdN:TDqPe1Cxcxk3ZAETKOS02Oy

Targets

    • Target

      df36dea50835289e2bfaa623724a5c23_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3041) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
