General

  • Target

    dffb92c0afe2eecda3ae8dc99f4fb5db_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240914-l9lyxazalb

  • MD5

    dffb92c0afe2eecda3ae8dc99f4fb5db

  • SHA1

    cec78b84ec2db7a72ac9e3014938f2e4bf956761

  • SHA256

    2375834bedd9f22ad5ab253ca9edfc87e864fd3c2e6292eccf7a39f30c1b8b53

  • SHA512

    7a798be9c773ba8699dc4e3ce6053850220582f12847d1d1403d97fc1632944ee76db083a9f88014061967d1f69853471356eb84bfe4dad5398091f3e90aa53d

  • SSDEEP

    98304:TDqPoBhz1aRxcSUDk36SAEdhvxWa9d593R8yAVp2gC:TDqPe1Cxcxk3ZAEUarzR8yc4

Targets

    • Target

      dffb92c0afe2eecda3ae8dc99f4fb5db_JaffaCakes118

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large number (3262) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
