General

  • Target

    dff049b013e49a44fa132de8411036a5_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240914-lrx88axflq

  • MD5

    dff049b013e49a44fa132de8411036a5

  • SHA1

    c8410ae6872b70580d9fd0ec84cdbb14ce547a77

  • SHA256

    2a59b0d55f95cd7fc5be815d21c5c37bdeb34695838835eabca4f8b3f74efc6a

  • SHA512

    5662e6fa4903efab740d1af0cb85300beaabf551dd7fa46f3c1e05c39214da1aba84f8ee813a745ada9e46255fb7960120f869b81b54e7f4f822fd14c1d9279b

  • SSDEEP

    49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:TDqPoBhz1aRxcSUDk36SAEdhvxWa9

Malware Config

Targets

    • Target

      dff049b013e49a44fa132de8411036a5_JaffaCakes118

    • Size

      5.0MB

    • MD5

      dff049b013e49a44fa132de8411036a5

    • SHA1

      c8410ae6872b70580d9fd0ec84cdbb14ce547a77

    • SHA256

      2a59b0d55f95cd7fc5be815d21c5c37bdeb34695838835eabca4f8b3f74efc6a

    • SHA512

      5662e6fa4903efab740d1af0cb85300beaabf551dd7fa46f3c1e05c39214da1aba84f8ee813a745ada9e46255fb7960120f869b81b54e7f4f822fd14c1d9279b

    • SSDEEP

      49152:znAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:TDqPoBhz1aRxcSUDk36SAEdhvxWa9

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3114) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks